You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ap...@apache.org on 2022/10/11 17:13:05 UTC
[hbase] branch branch-2.5 updated: HBASE-27424 Upgrade Jettison for CVE-2022-40149/40150 (#4822)
This is an automated email from the ASF dual-hosted git repository.
apurtell pushed a commit to branch branch-2.5
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.5 by this push:
new e8382ab08c9 HBASE-27424 Upgrade Jettison for CVE-2022-40149/40150 (#4822)
e8382ab08c9 is described below
commit e8382ab08c9e62cbe07dec0d8bc4ab59df9f2ef3
Author: Andrew Purtell <ap...@apache.org>
AuthorDate: Tue Oct 11 10:11:12 2022 -0700
HBASE-27424 Upgrade Jettison for CVE-2022-40149/40150 (#4822)
Jettison versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150.
Move jettison.version to 1.5.1.
Signed-off-by: Duo Zhang <zh...@apache.org>
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index afd6dab6fdf..7fc4d6ff672 100644
--- a/pom.xml
+++ b/pom.xml
@@ -593,7 +593,7 @@
<slf4j.version>1.7.33</slf4j.version>
<clover.version>4.0.3</clover.version>
<jamon-runtime.version>2.4.1</jamon-runtime.version>
- <jettison.version>1.3.8</jettison.version>
+ <jettison.version>1.5.1</jettison.version>
<!--Make sure these joni/jcodings are compatible with the versions used by jruby-->
<joni.version>2.1.31</joni.version>
<jcodings.version>1.0.55</jcodings.version>