You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@avro.apache.org by dk...@apache.org on 2019/08/02 15:02:27 UTC
[avro] branch master updated: Upgrade jackson to latest to avoid
CVE's
This is an automated email from the ASF dual-hosted git repository.
dkulp pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/avro.git
The following commit(s) were added to refs/heads/master by this push:
new 41bc0ef Upgrade jackson to latest to avoid CVE's
41bc0ef is described below
commit 41bc0ef4f2ccd65005d6ffd9ccdc141f3ac16d7d
Author: Daniel Kulp <dk...@apache.org>
AuthorDate: Fri Aug 2 10:56:06 2019 -0400
Upgrade jackson to latest to avoid CVE's
---
lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml | 3 ++-
.../src/test/resources/unit/idl/pom-injecting-velocity-tools.xml | 2 +-
lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml | 2 +-
lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml | 2 +-
.../src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml | 2 +-
lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml | 2 +-
lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml | 2 +-
.../src/test/resources/unit/schema/pom-injecting-velocity-tools.xml | 2 +-
lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml | 2 +-
lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml | 2 +-
lang/java/pom.xml | 3 ++-
11 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml b/lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml
index c5be5cb..30df8d2 100644
--- a/lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml
+++ b/lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml
@@ -31,6 +31,7 @@
<avro.version>${project.version}</avro.version>
<jackson.version>${jackson.version}</jackson.version>
+ <jackson.databind.version>${jackson.databind.version}</jackson.databind.version>
<junit.version>${junit.version}</junit.version>
<logback.version>1.0.0</logback.version>
<slf4j.version>${slf4j.version}</slf4j.version>
@@ -60,7 +61,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>\${jackson.version}</version>
+ <version>\${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-injecting-velocity-tools.xml b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-injecting-velocity-tools.xml
index 0eb38f0..c33ea58 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-injecting-velocity-tools.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-injecting-velocity-tools.xml
@@ -67,7 +67,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml
index 56781fa..9e09763 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml
@@ -62,7 +62,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml
index 6cfb0f5..2987fe7 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml
@@ -62,7 +62,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml
index 9284cc6..61a5ce3 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml
@@ -67,7 +67,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml
index 2e273a6..cde8044 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml
@@ -61,7 +61,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml
index 70590cf..2fc566c 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml
@@ -61,7 +61,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-injecting-velocity-tools.xml b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-injecting-velocity-tools.xml
index 867a71a..fbfa132 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-injecting-velocity-tools.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-injecting-velocity-tools.xml
@@ -64,7 +64,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml
index 508b506..3b0ba9d 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml
@@ -65,7 +65,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml
index feb2c55..f24a26e 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml
@@ -65,7 +65,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
</dependencies>
diff --git a/lang/java/pom.xml b/lang/java/pom.xml
index 6887cfe..b8973d2 100644
--- a/lang/java/pom.xml
+++ b/lang/java/pom.xml
@@ -41,6 +41,7 @@
<hadoop.version>2.7.3</hadoop.version>
<jackson.version>2.9.9</jackson.version>
+ <jackson.databind.version>2.9.9.2</jackson.databind.version>
<servlet-api.version>3.1.0</servlet-api.version>
<jetty.version>9.4.18.v20190429</jetty.version>
<jopt-simple.version>5.0.4</jopt-simple.version>
@@ -500,7 +501,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>