You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@zookeeper.apache.org by nk...@apache.org on 2019/05/30 13:53:43 UTC

[zookeeper] branch master updated: ZOOKEEPER-3405: Upgrade the version of Jackson-databind to address OWASP CVE

This is an automated email from the ASF dual-hosted git repository.

nkalmar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new ca4b124  ZOOKEEPER-3405: Upgrade the version of Jackson-databind to address OWASP CVE
ca4b124 is described below

commit ca4b12430ef579f67785146a195ebfed5ca73f39
Author: Patrick Hunt <ph...@apache.org>
AuthorDate: Thu May 30 15:53:35 2019 +0200

    ZOOKEEPER-3405: Upgrade the version of Jackson-databind to address OWASP CVE
    
    Upgraded the library to the latest version.
    
    Change-Id: I94743e7f7817202fff25c757730ba05fe0a9cc17
    
    Author: Patrick Hunt <ph...@apache.org>
    
    Reviewers: Enrico Olivelli <eo...@apache.org>, Norbert Kalmar <nk...@apache.org>
    
    Closes #962 from phunt/ZOOKEEPER-3405
---
 build.xml | 2 +-
 pom.xml   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.xml b/build.xml
index 3ba2079..3ae8cb4 100644
--- a/build.xml
+++ b/build.xml
@@ -55,7 +55,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
     <property name="javacc.version" value="5.0"/>
 
     <property name="jetty.version" value="9.4.15.v20190215"/>
-    <property name="jackson.version" value="2.9.8"/>
+    <property name="jackson.version" value="2.9.9"/>
     <property name="dependency-check-ant.version" value="4.0.2"/>
 
     <property name="commons-io.version" value="2.6"/>
diff --git a/pom.xml b/pom.xml
index dbd7d81..621cd94 100755
--- a/pom.xml
+++ b/pom.xml
@@ -279,7 +279,7 @@
     <commons-cli.version>1.2</commons-cli.version>
     <netty.version>4.1.29.Final</netty.version>
     <jetty.version>9.4.17.v20190418</jetty.version>
-    <jackson.version>2.9.8</jackson.version>
+    <jackson.version>2.9.9</jackson.version>
     <json.version>1.1.1</json.version>
     <jline.version>2.11</jline.version>
     <snappy.version>1.1.7</snappy.version>