Posted to commits@hbase.apache.org by ap...@apache.org on 2022/10/11 17:13:05 UTC

[hbase] branch branch-2.5 updated: HBASE-27424 Upgrade Jettison for CVE-2022-40149/40150 (#4822)

This is an automated email from the ASF dual-hosted git repository.

apurtell pushed a commit to branch branch-2.5
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2.5 by this push:
     new e8382ab08c9 HBASE-27424 Upgrade Jettison for CVE-2022-40149/40150 (#4822)
e8382ab08c9 is described below

commit e8382ab08c9e62cbe07dec0d8bc4ab59df9f2ef3
Author: Andrew Purtell <ap...@apache.org>
AuthorDate: Tue Oct 11 10:11:12 2022 -0700

    HBASE-27424 Upgrade Jettison for CVE-2022-40149/40150 (#4822)
    
    Jettison versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150.
    
    Move jettison.version to 1.5.1.
    
    Signed-off-by: Duo Zhang <zh...@apache.org>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index afd6dab6fdf..7fc4d6ff672 100644
--- a/pom.xml
+++ b/pom.xml
@@ -593,7 +593,7 @@
     <slf4j.version>1.7.33</slf4j.version>
     <clover.version>4.0.3</clover.version>
     <jamon-runtime.version>2.4.1</jamon-runtime.version>
-    <jettison.version>1.3.8</jettison.version>
+    <jettison.version>1.5.1</jettison.version>
     <!--Make sure these joni/jcodings are compatible with the versions used by jruby-->
     <joni.version>2.1.31</joni.version>
     <jcodings.version>1.0.55</jcodings.version>
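
Review bot: the changed line `<jettison.version>1.5.1</jettison.version>` moves from 1.3.8 across two minor release lines, and nothing beside it records that 1.5.1 is a security floor rather than an ordinary version choice. The commit message states that versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150, so a short XML comment above the property, in the style of the joni/jcodings comment on the following line, would keep a later dependency cleanup from lowering it. The hunk only touches the property in the root pom.xml, so it does not show whether every module resolves Jettison through it. Running `mvn dependency:tree -Dincludes=org.codehaus.jettison` before merge would confirm that no older copy arrives transitively.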