You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hbase.apache.org by zh...@apache.org on 2022/11/17 14:30:11 UTC

[hbase] 01/02: HBASE-27423 Upgrade hbase-thirdparty to 4.1.3 and upgrade Jackson for CVE-2022-42003/42004 (#4878)

This is an automated email from the ASF dual-hosted git repository.

zhangduo pushed a commit to branch branch-2.4
in repository https://gitbox.apache.org/repos/asf/hbase.git

commit d1ac1d57c97cc606227bff85f1b99de9b7061115
Author: Duo Zhang <zh...@apache.org>
AuthorDate: Thu Nov 17 21:10:09 2022 +0800

    HBASE-27423 Upgrade hbase-thirdparty to 4.1.3 and upgrade Jackson for CVE-2022-42003/42004 (#4878)
    
    Signed-off-by: Xin Sun <dd...@gmail.com>
    (cherry picked from commit 07a3ffdd97f22b7c1cf4dbfe23a029bec2b28336)
---
 hbase-protocol-shaded/pom.xml | 2 +-
 pom.xml                       | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hbase-protocol-shaded/pom.xml b/hbase-protocol-shaded/pom.xml
index 2cbe42b9933..2ea3c33f294 100644
--- a/hbase-protocol-shaded/pom.xml
+++ b/hbase-protocol-shaded/pom.xml
@@ -34,7 +34,7 @@
     <!--Version of protobuf that hbase uses internally (we shade our pb)
          Must match what is out in hbase-thirdparty include.
     -->
-    <internal.protobuf.version>3.21.7</internal.protobuf.version>
+    <internal.protobuf.version>3.21.9</internal.protobuf.version>
   </properties>
   <dependencies>
     <!--BE CAREFUL! Any dependency added here needs to be
diff --git a/pom.xml b/pom.xml
index e8c6d144af5..16b6328f787 100755
--- a/pom.xml
+++ b/pom.xml
@@ -569,8 +569,8 @@
     <httpclient.version>4.5.13</httpclient.version>
     <httpcore.version>4.4.13</httpcore.version>
     <metrics-core.version>3.2.6</metrics-core.version>
-    <jackson.version>2.13.4</jackson.version>
-    <jackson.databind.version>2.13.4</jackson.databind.version>
+    <jackson.version>2.14.0</jackson.version>
+    <jackson.databind.version>2.14.0</jackson.databind.version>
     <jaxb-api.version>2.3.1</jaxb-api.version>
     <servlet.api.version>3.1.0</servlet.api.version>
     <wx.rs.api.version>2.1.1</wx.rs.api.version>
@@ -630,7 +630,7 @@
     <wagon.ssh.version>2.12</wagon.ssh.version>
     <xml.maven.version>1.0.1</xml.maven.version>
     <spotless.version>2.27.2</spotless.version>
-    <hbase-thirdparty.version>4.1.2</hbase-thirdparty.version>
+    <hbase-thirdparty.version>4.1.3</hbase-thirdparty.version>
     <maven-site.version>3.12.0</maven-site.version>
     <!-- Intraproject jar naming properties -->
     <!-- TODO this is pretty ugly, but works for the moment.