You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by re...@apache.org on 2023/01/07 05:42:17 UTC
[jackrabbit-oak] branch 1.22 updated: OAK-9947: upgrade jackson-databind to 2.13.4
This is an automated email from the ASF dual-hosted git repository.
reschke pushed a commit to branch 1.22
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
The following commit(s) were added to refs/heads/1.22 by this push:
new 245f8792cd OAK-9947: upgrade jackson-databind to 2.13.4
245f8792cd is described below
commit 245f8792cd4d5b80dbcde868c9ef1efb01d1a415
Author: Julian Reschke <ju...@gmx.de>
AuthorDate: Sat Jan 7 06:42:08 2023 +0100
OAK-9947: upgrade jackson-databind to 2.13.4
---
oak-parent/pom.xml | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/oak-parent/pom.xml b/oak-parent/pom.xml
index df6a916f9e..aea96d77b2 100644
--- a/oak-parent/pom.xml
+++ b/oak-parent/pom.xml
@@ -63,10 +63,7 @@
<guava.version>15.0</guava.version>
<guava.osgi.import>com.google.common.*;version="[15.0,21)"</guava.osgi.import>
<derby.version>10.14.2.0</derby.version>
- <jackson.version>2.10.5</jackson.version>
- <!-- jackson-databind versions prior to 2.10.5.1 are affected by security vulnerability CVE-2020-25649.
- When upgrading jackson, try to align them to the same version -->
- <jackson.databind.version>2.10.5.1</jackson.databind.version>
+ <jackson.version>2.13.4</jackson.version>
<java.version>1.8</java.version>
<java.version.signature>java18</java.version.signature>
@@ -680,7 +677,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.databind.version}</version>
+ <version>${jackson.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>