Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2022/11/10 00:36:15 UTC
[GitHub] [kafka] pratimsc opened a new pull request, #12840: Updated Jackson to version 2.13.4 for fixing CVE-2022-42004
pratimsc opened a new pull request, #12840:
URL: https://github.com/apache/kafka/pull/12840
Updated the Jackson libraries for mitigating CVEs fixed under release `2.13.4`, ref: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13.4
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscribe@kafka.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [kafka] pratimsc commented on a diff in pull request #12840: Updated Jackson to version 2.13.4 for fixing CVE-2022-42004
Posted by GitBox <gi...@apache.org>.
pratimsc commented on code in PR #12840:
URL: https://github.com/apache/kafka/pull/12840#discussion_r1020162892
##########
LICENSE-binary:
##########
@@ -208,18 +208,18 @@ License Version 2.0:
audience-annotations-0.5.0
commons-cli-1.4
commons-lang3-3.12.0
-jackson-annotations-2.13.3
-jackson-core-2.13.3
-jackson-databind-2.13.3
-jackson-dataformat-csv-2.13.3
-jackson-dataformat-yaml-2.13.3
-jackson-datatype-jdk8-2.13.3
-jackson-datatype-jsr310-2.13.3
-jackson-jaxrs-base-2.13.3
-jackson-jaxrs-json-provider-2.13.3
-jackson-module-jaxb-annotations-2.13.3
-jackson-module-scala_2.13-2.13.3
-jackson-module-scala_2.12-2.13.3
+jackson-annotations-2.13.4
+jackson-core-2.13.4
+jackson-databind-2.13.4
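Review bot: The `+jackson-databind-2.13.4` entry assumes databind ships at the same version as jackson-annotations and jackson-core. LICENSE-binary names exact artifact versions, so if the build pins databind to a separate micro-patch release, such as the 2.13.4.2 raised in this thread for CVE-2022-42003, this line should read `jackson-databind-2.13.4.2` while the other entries stay at 2.13.4.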
Review Comment:
It's such a shame that I forgot to push the update. I have pushed it now.
[GitHub] [kafka] pratimsc commented on pull request #12840: Updated Jackson to version 2.13.4 for fixing CVE-2022-42004
Posted by GitBox <gi...@apache.org>.
pratimsc commented on PR #12840:
URL: https://github.com/apache/kafka/pull/12840#issuecomment-1315193071
Hi @showuon - any more action required from me? Or is this PR good to merge?
[GitHub] [kafka] showuon commented on a diff in pull request #12840: Updated Jackson to version 2.13.4 for fixing CVE-2022-42004
Posted by GitBox <gi...@apache.org>.
showuon commented on code in PR #12840:
URL: https://github.com/apache/kafka/pull/12840#discussion_r1019805336
##########
LICENSE-binary:
##########
@@ -208,18 +208,18 @@ License Version 2.0:
audience-annotations-0.5.0
commons-cli-1.4
commons-lang3-3.12.0
-jackson-annotations-2.13.3
-jackson-core-2.13.3
-jackson-databind-2.13.3
-jackson-dataformat-csv-2.13.3
-jackson-dataformat-yaml-2.13.3
-jackson-datatype-jdk8-2.13.3
-jackson-datatype-jsr310-2.13.3
-jackson-jaxrs-base-2.13.3
-jackson-jaxrs-json-provider-2.13.3
-jackson-module-jaxb-annotations-2.13.3
-jackson-module-scala_2.13-2.13.3
-jackson-module-scala_2.12-2.13.3
+jackson-annotations-2.13.4
+jackson-core-2.13.4
+jackson-databind-2.13.4
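Review bot: Only three of the twelve removed `2.13.3` entries have a visible `+` replacement in this quoted hunk, and the `@@ -208,18 +208,18 @@` header says the line count is unchanged, so the remaining nine modules (dataformat-csv through module-scala_2.12) should each reappear at the new version. LICENSE-binary only records what ships, so confirm that the build's dependency version definition changes in the same PR and that no Jackson module is left resolving to 2.13.3.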
Review Comment:
2.13.4.2 ?
[GitHub] [kafka] omkreddy merged pull request #12840: KAFKA-14320: Updated Jackson to version 2.13.4 for fixing CVE-2022-42004
Posted by GitBox <gi...@apache.org>.
omkreddy merged PR #12840:
URL: https://github.com/apache/kafka/pull/12840
[GitHub] [kafka] showuon commented on pull request #12840: Updated Jackson to version 2.13.4 for fixing CVE-2022-42004
Posted by GitBox <gi...@apache.org>.
showuon commented on PR #12840:
URL: https://github.com/apache/kafka/pull/12840#issuecomment-1309672615
Should we also bump the `jackson-databind` to 2.13.4.2 for CVE-2022-42003?
ref: https://github.com/spring-projects/spring-boot/issues/32583
[GitHub] [kafka] pratimsc commented on pull request #12840: Updated Jackson to version 2.13.4 for fixing CVE-2022-42004
Posted by GitBox <gi...@apache.org>.
pratimsc commented on PR #12840:
URL: https://github.com/apache/kafka/pull/12840#issuecomment-1310098026
> Should we also bump the `jackson-databind` to 2.13.4.2 for [CVE-2022-42003](https://github.com/advisories/GHSA-jjjh-jjxp-wpff)?
>
> ref: [spring-projects/spring-boot#32583](https://github.com/spring-projects/spring-boot/issues/32583)
The `jackson-databind` has been updated to 2.13.4.2 for https://github.com/advisories/GHSA-jjjh-jjxp-wpff?