You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@skywalking.apache.org by ke...@apache.org on 2020/03/24 10:42:26 UTC

[skywalking] branch master updated: Upgrade jackson-databind version to 2.9.10 (#4565)

This is an automated email from the ASF dual-hosted git repository.

kezhenxu94 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git


The following commit(s) were added to refs/heads/master by this push:
     new f1b2b29  Upgrade jackson-databind version to 2.9.10 (#4565)
f1b2b29 is described below

commit f1b2b298b1dcb75f5c211c71b0b956d447859d1d
Author: 吴晟 Wu Sheng <wu...@foxmail.com>
AuthorDate: Tue Mar 24 18:42:08 2020 +0800

    Upgrade jackson-databind version to 2.9.10 (#4565)
---
 apm-webapp/pom.xml                 | 13 +++++++++++++
 dist-material/release-docs/LICENSE |  2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/apm-webapp/pom.xml b/apm-webapp/pom.xml
index 2ca7200..674c458 100644
--- a/apm-webapp/pom.xml
+++ b/apm-webapp/pom.xml
@@ -38,6 +38,7 @@
         <spring-cloud-dependencies.version>Edgware.SR1</spring-cloud-dependencies.version>
         <frontend-maven-plugin.version>1.6</frontend-maven-plugin.version>
         <logback-classic.version>1.2.3</logback-classic.version>
+        <jackson-version>2.9.10</jackson-version>
 
         <ui.path>${project.parent.basedir}/skywalking-ui</ui.path>
     </properties>
@@ -64,6 +65,18 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
             <version>${spring.boot.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.fasterxml.jackson.core</groupId>
+                    <artifactId>jackson-databind</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <!-- https://www.cvedetails.com/cve/CVE-2019-17267/ -->
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>${jackson-version}</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
diff --git a/dist-material/release-docs/LICENSE b/dist-material/release-docs/LICENSE
index 79c643f..69d352a 100755
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -278,7 +278,7 @@ The text of each license is the standard Apache 2.0 license.
     instrumentation-api 0.4.3: https://github.com/google/instrumentation-java, Apache 2.0
     jackson-annotations 2.8.0: https://github.com/FasterXML/jackson-annotations, Apache 2.0
     jackson-core 2.8.8: https://github.com/FasterXML/jackson-core, Apache 2.0
-    jackson-databind 2.8.8: https://github.com/FasterXML/jackson-databind, Apache 2.0
+    jackson-databind 2.9.10: https://github.com/FasterXML/jackson-databind, Apache 2.0
     jackson-dataformat 2.8.6: https://github.com/FasterXML/jackson-dataformats-binary, Apache 2.0
     jackson-datatype-jdk8 2.8.8: https://github.com/FasterXML/jackson-modules-java8/tree/jackson-modules-java8-2.8.8, Apache 2.0
     jackson-module-kotlin 2.8.8: http://kotlinlang.org, Apache 2.0