You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@skywalking.apache.org by ke...@apache.org on 2020/03/24 10:42:26 UTC
[skywalking] branch master updated: Upgrade jackson-databind
version to 2.9.10 (#4565)
This is an automated email from the ASF dual-hosted git repository.
kezhenxu94 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git
The following commit(s) were added to refs/heads/master by this push:
new f1b2b29 Upgrade jackson-databind version to 2.9.10 (#4565)
f1b2b29 is described below
commit f1b2b298b1dcb75f5c211c71b0b956d447859d1d
Author: 吴晟 Wu Sheng <wu...@foxmail.com>
AuthorDate: Tue Mar 24 18:42:08 2020 +0800
Upgrade jackson-databind version to 2.9.10 (#4565)
---
apm-webapp/pom.xml | 13 +++++++++++++
dist-material/release-docs/LICENSE | 2 +-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/apm-webapp/pom.xml b/apm-webapp/pom.xml
index 2ca7200..674c458 100644
--- a/apm-webapp/pom.xml
+++ b/apm-webapp/pom.xml
@@ -38,6 +38,7 @@
<spring-cloud-dependencies.version>Edgware.SR1</spring-cloud-dependencies.version>
<frontend-maven-plugin.version>1.6</frontend-maven-plugin.version>
<logback-classic.version>1.2.3</logback-classic.version>
+ <jackson-version>2.9.10</jackson-version>
<ui.path>${project.parent.basedir}/skywalking-ui</ui.path>
</properties>
@@ -64,6 +65,18 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
<version>${spring.boot.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <!-- https://www.cvedetails.com/cve/CVE-2019-17267/ -->
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>${jackson-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index 79c643f..69d352a 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -278,7 +278,7 @@ The text of each license is the standard Apache 2.0 license.
instrumentation-api 0.4.3: https://github.com/google/instrumentation-java, Apache 2.0
jackson-annotations 2.8.0: https://github.com/FasterXML/jackson-annotations, Apache 2.0
jackson-core 2.8.8: https://github.com/FasterXML/jackson-core, Apache 2.0
- jackson-databind 2.8.8: https://github.com/FasterXML/jackson-databind, Apache 2.0
+ jackson-databind 2.9.10: https://github.com/FasterXML/jackson-databind, Apache 2.0
jackson-dataformat 2.8.6: https://github.com/FasterXML/jackson-dataformats-binary, Apache 2.0
jackson-datatype-jdk8 2.8.8: https://github.com/FasterXML/jackson-modules-java8/tree/jackson-modules-java8-2.8.8, Apache 2.0
jackson-module-kotlin 2.8.8: http://kotlinlang.org, Apache 2.0