You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spark.apache.org by sr...@apache.org on 2019/05/30 14:35:48 UTC
[spark] branch master updated: [SPARK-27757][CORE] Bump Jackson to
2.9.9
This is an automated email from the ASF dual-hosted git repository.
srowen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new bd87323 [SPARK-27757][CORE] Bump Jackson to 2.9.9
bd87323 is described below
commit bd8732300385ad99d2cec3a4af49953d8925eaf6
Author: Fokko Driesprong <fo...@apache.org>
AuthorDate: Thu May 30 09:35:20 2019 -0500
[SPARK-27757][CORE] Bump Jackson to 2.9.9
## What changes were proposed in this pull request?
This fixes CVE-2019-12086 on Databind: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9
## How was this patch tested?
Existing tests
Closes #24646 from Fokko/SPARK-27757.
Authored-by: Fokko Driesprong <fo...@apache.org>
Signed-off-by: Sean Owen <se...@databricks.com>
---
dev/deps/spark-deps-hadoop-2.7 | 14 +++++++-------
dev/deps/spark-deps-hadoop-3.2 | 14 +++++++-------
pom.xml | 2 +-
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/dev/deps/spark-deps-hadoop-2.7 b/dev/deps/spark-deps-hadoop-2.7
index d7f6ab6..9bbb9ac 100644
--- a/dev/deps/spark-deps-hadoop-2.7
+++ b/dev/deps/spark-deps-hadoop-2.7
@@ -83,16 +83,16 @@ httpclient-4.5.6.jar
httpcore-4.4.10.jar
istack-commons-runtime-3.0.8.jar
ivy-2.4.0.jar
-jackson-annotations-2.9.8.jar
-jackson-core-2.9.8.jar
+jackson-annotations-2.9.9.jar
+jackson-core-2.9.9.jar
jackson-core-asl-1.9.13.jar
-jackson-databind-2.9.8.jar
-jackson-dataformat-yaml-2.9.8.jar
+jackson-databind-2.9.9.jar
+jackson-dataformat-yaml-2.9.9.jar
jackson-jaxrs-1.9.13.jar
jackson-mapper-asl-1.9.13.jar
-jackson-module-jaxb-annotations-2.9.8.jar
-jackson-module-paranamer-2.9.8.jar
-jackson-module-scala_2.12-2.9.8.jar
+jackson-module-jaxb-annotations-2.9.9.jar
+jackson-module-paranamer-2.9.9.jar
+jackson-module-scala_2.12-2.9.9.jar
jackson-xc-1.9.13.jar
jakarta.xml.bind-api-2.3.2.jar
janino-3.0.11.jar
diff --git a/dev/deps/spark-deps-hadoop-3.2 b/dev/deps/spark-deps-hadoop-3.2
index 9f47619..6080893 100644
--- a/dev/deps/spark-deps-hadoop-3.2
+++ b/dev/deps/spark-deps-hadoop-3.2
@@ -85,17 +85,17 @@ httpclient-4.5.6.jar
httpcore-4.4.10.jar
istack-commons-runtime-3.0.8.jar
ivy-2.4.0.jar
-jackson-annotations-2.9.8.jar
-jackson-core-2.9.8.jar
+jackson-annotations-2.9.9.jar
+jackson-core-2.9.9.jar
jackson-core-asl-1.9.13.jar
-jackson-databind-2.9.8.jar
-jackson-dataformat-yaml-2.9.8.jar
+jackson-databind-2.9.9.jar
+jackson-dataformat-yaml-2.9.9.jar
jackson-jaxrs-base-2.9.5.jar
jackson-jaxrs-json-provider-2.9.5.jar
jackson-mapper-asl-1.9.13.jar
-jackson-module-jaxb-annotations-2.9.8.jar
-jackson-module-paranamer-2.9.8.jar
-jackson-module-scala_2.12-2.9.8.jar
+jackson-module-jaxb-annotations-2.9.9.jar
+jackson-module-paranamer-2.9.9.jar
+jackson-module-scala_2.12-2.9.9.jar
jakarta.xml.bind-api-2.3.2.jar
janino-3.0.11.jar
javassist-3.18.1-GA.jar
diff --git a/pom.xml b/pom.xml
index b0433cb..62b084e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -166,7 +166,7 @@
<!-- for now, not running scalafmt as part of default verify pipeline -->
<scalafmt.skip>true</scalafmt.skip>
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
- <fasterxml.jackson.version>2.9.8</fasterxml.jackson.version>
+ <fasterxml.jackson.version>2.9.9</fasterxml.jackson.version>
<snappy.version>1.1.7.3</snappy.version>
<netlib.java.version>1.1.2</netlib.java.version>
<commons-codec.version>1.10</commons-codec.version>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@spark.apache.org
For additional commands, e-mail: commits-help@spark.apache.org