You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by zh...@apache.org on 2022/11/17 13:10:21 UTC
[hbase] branch master updated: HBASE-27423 Upgrade hbase-thirdparty to 4.1.3 and upgrade Jackson for CVE-2022-42003/42004 (#4878)
This is an automated email from the ASF dual-hosted git repository.
zhangduo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/master by this push:
new 07a3ffdd97f HBASE-27423 Upgrade hbase-thirdparty to 4.1.3 and upgrade Jackson for CVE-2022-42003/42004 (#4878)
07a3ffdd97f is described below
commit 07a3ffdd97f22b7c1cf4dbfe23a029bec2b28336
Author: Duo Zhang <zh...@apache.org>
AuthorDate: Thu Nov 17 21:10:09 2022 +0800
HBASE-27423 Upgrade hbase-thirdparty to 4.1.3 and upgrade Jackson for CVE-2022-42003/42004 (#4878)
Signed-off-by: Xin Sun <dd...@gmail.com>
---
hbase-examples/pom.xml | 2 +-
hbase-protocol-shaded/pom.xml | 2 +-
pom.xml | 6 +++---
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/hbase-examples/pom.xml b/hbase-examples/pom.xml
index 25babc3ca39..e8a3fb68dcc 100644
--- a/hbase-examples/pom.xml
+++ b/hbase-examples/pom.xml
@@ -33,7 +33,7 @@
<!--Version of protobuf that hbase uses internally (we shade our pb)
Must match what is out in hbase-thirdparty include.
-->
- <internal.protobuf.version>3.21.7</internal.protobuf.version>
+ <internal.protobuf.version>3.21.9</internal.protobuf.version>
</properties>
<dependencies>
<dependency>
diff --git a/hbase-protocol-shaded/pom.xml b/hbase-protocol-shaded/pom.xml
index 4897c8fae51..97b75bd404c 100644
--- a/hbase-protocol-shaded/pom.xml
+++ b/hbase-protocol-shaded/pom.xml
@@ -34,7 +34,7 @@
<!--Version of protobuf that hbase uses internally (we shade our pb)
Must match what is out in hbase-thirdparty include.
-->
- <internal.protobuf.version>3.21.7</internal.protobuf.version>
+ <internal.protobuf.version>3.21.9</internal.protobuf.version>
</properties>
<dependencies>
<!--BE CAREFUL! Any dependency added here needs to be
diff --git a/pom.xml b/pom.xml
index 6a70a35a5c2..1e83ca1c190 100644
--- a/pom.xml
+++ b/pom.xml
@@ -799,8 +799,8 @@
<httpclient.version>4.5.13</httpclient.version>
<httpcore.version>4.4.13</httpcore.version>
<metrics-core.version>3.2.6</metrics-core.version>
- <jackson.version>2.13.4</jackson.version>
- <jackson.databind.version>2.13.4</jackson.databind.version>
+ <jackson.version>2.14.0</jackson.version>
+ <jackson.databind.version>2.14.0</jackson.databind.version>
<jaxb-api.version>2.3.1</jaxb-api.version>
<servlet.api.version>3.1.0</servlet.api.version>
<wx.rs.api.version>2.1.1</wx.rs.api.version>
@@ -867,7 +867,7 @@
<snappy.version>1.1.8.4</snappy.version>
<xz.version>1.9</xz.version>
<zstd-jni.version>1.5.0-4</zstd-jni.version>
- <hbase-thirdparty.version>4.1.2</hbase-thirdparty.version>
+ <hbase-thirdparty.version>4.1.3</hbase-thirdparty.version>
<!-- Intraproject jar naming properties -->
<!-- TODO this is pretty ugly, but works for the moment.
Modules are pretty heavy-weight things, so doing this work isn't too bad. -->