You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/03/22 08:48:09 UTC

[GitHub] [pulsar] massakam opened a new pull request #14794: [security] Upgrade Jackson to 2.13.2

massakam opened a new pull request #14794:
URL: https://github.com/apache/pulsar/pull/14794


   ### Motivation
   
   It seems that jackson-databind before 2.13.0 has a security vulnerability, so upgraded it to the latest version, 2.13.2.
   https://nvd.nist.gov/vuln/detail/CVE-2020-36518
   
   ### Modifications
   
   Upgrade Jackson from 2.12.6 to 2.13.2.
   
   ### Verifying this change
   
   - [ ] Make sure that the change passes the CI checks.
   
   ### Documentation
   
   - [ ] `no-need-doc`


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] massakam commented on pull request #14794: [WIP][security] Upgrade Jackson to 2.13.2

Posted by GitBox <gi...@apache.org>.

massakam commented on pull request #14794:
URL: https://github.com/apache/pulsar/pull/14794#issuecomment-1081329466


   Since https://github.com/apache/pulsar/pull/14871 has been merged, I'm going to close it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] massakam commented on pull request #14794: [security] Upgrade Jackson to 2.13.2

Posted by GitBox <gi...@apache.org>.

massakam commented on pull request #14794:
URL: https://github.com/apache/pulsar/pull/14794#issuecomment-1074913465


   Oh, thank you. It seems that a newer version will be released within a few days, so I'll mark this PR as WIP.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] massakam closed pull request #14794: [WIP][security] Upgrade Jackson to 2.13.2

Posted by GitBox <gi...@apache.org>.

massakam closed pull request #14794:
URL: https://github.com/apache/pulsar/pull/14794


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org