You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by nk...@apache.org on 2021/01/06 18:57:53 UTC
[zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4045:
CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
This is an automated email from the ASF dual-hosted git repository.
nkalmar pushed a commit to branch branch-3.5.9
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.5.9 by this push:
new 5ea966a ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
5ea966a is described below
commit 5ea966ab6a7b8e63b78a9d04c6504e15d081334c
Author: Edwin Hobor <ed...@microfocus.com>
AuthorDate: Wed Jan 6 19:50:08 2021 +0100
ZOOKEEPER-4045: CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1
Jackson reported a vulnerability under CVE-2020-25649. Upgrading to 2.10.5.1 will resolve the problem. See https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10#micro-patches for more details.
Author: Edwin Hobor <ed...@microfocus.com>
Reviewers: Mate Szalay-Beko <sy...@apache.org>, Norbert Kalmar <nk...@apache.org>
Closes #1572 from edwin092/ZOOKEEPER-4045
(cherry picked from commit 676d10b2fad97c69e4083619cb1db223ed1896a4)
Signed-off-by: Norbert Kalmar <nk...@apache.org>
(cherry picked from commit 29315f85d9c9c9857da00eb868af27bc082d398d)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 050e0f2..d84bfb8 100755
--- a/pom.xml
+++ b/pom.xml
@@ -299,7 +299,7 @@
<commons-cli.version>1.2</commons-cli.version>
<jetty.version>9.4.35.v20201120</jetty.version>
<netty.version>4.1.50.Final</netty.version>
- <jackson.version>2.10.3</jackson.version>
+ <jackson.version>2.10.5.1</jackson.version>
<json.version>1.1.1</json.version>
<jline.version>2.14.6</jline.version>
<snappy.version>1.1.7</snappy.version>