avro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject [avro] branch branch-1.9 updated: Upgrade jackson to latest to avoid CVE's
Date Fri, 02 Aug 2019 14:56:45 GMT
This is an automated email from the ASF dual-hosted git repository.

dkulp pushed a commit to branch branch-1.9
in repository https://gitbox.apache.org/repos/asf/avro.git


The following commit(s) were added to refs/heads/branch-1.9 by this push:
     new a9a5459  Upgrade jackson to latest to avoid CVE's
a9a5459 is described below

commit a9a54598f3656a14bb11fed3d23b7b050a012ad9
Author: Daniel Kulp <dkulp@apache.org>
AuthorDate: Fri Aug 2 10:56:06 2019 -0400

    Upgrade jackson to latest to avoid CVE's
---
 lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml     | 3 ++-
 .../src/test/resources/unit/idl/pom-injecting-velocity-tools.xml     | 2 +-
 lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml      | 2 +-
 lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml    | 2 +-
 .../test/resources/unit/protocol/pom-injecting-velocity-tools.xml    | 2 +-
 lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml | 2 +-
 .../maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml     | 2 +-
 .../src/test/resources/unit/schema/pom-injecting-velocity-tools.xml  | 2 +-
 lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml   | 2 +-
 lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml | 2 +-
 lang/java/pom.xml                                                    | 5 +++--
 11 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml b/lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml
index c5be5cb..30df8d2 100644
--- a/lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml
+++ b/lang/java/archetypes/avro-service-archetype/src/main/pom/pom.xml
@@ -31,6 +31,7 @@
 
     <avro.version>${project.version}</avro.version>
     <jackson.version>${jackson.version}</jackson.version>
+    <jackson.databind.version>${jackson.databind.version}</jackson.databind.version>
     <junit.version>${junit.version}</junit.version>
     <logback.version>1.0.0</logback.version>
     <slf4j.version>${slf4j.version}</slf4j.version>
@@ -60,7 +61,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>\${jackson.version}</version>
+      <version>\${jackson.databind.version}</version>
     </dependency>
     <dependency>
       <groupId>org.slf4j</groupId>
diff --git a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-injecting-velocity-tools.xml
b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-injecting-velocity-tools.xml
index 0eb38f0..c33ea58 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-injecting-velocity-tools.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-injecting-velocity-tools.xml
@@ -67,7 +67,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml
index a5258a0..2d18649 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-joda.xml
@@ -62,7 +62,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml
index 990ca4d..8597ce8 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/idl/pom-jsr310.xml
@@ -62,7 +62,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml
b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml
index 9284cc6..61a5ce3 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-injecting-velocity-tools.xml
@@ -67,7 +67,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml
index 1484eb2..720f83b 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-joda.xml
@@ -61,7 +61,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml
index 4018e89..fb4c524 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/protocol/pom-jsr310.xml
@@ -61,7 +61,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-injecting-velocity-tools.xml
b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-injecting-velocity-tools.xml
index 867a71a..fbfa132 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-injecting-velocity-tools.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-injecting-velocity-tools.xml
@@ -64,7 +64,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml
index cd68028..7642319 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-joda.xml
@@ -65,7 +65,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml
index 851ac89..42e28ce 100644
--- a/lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml
+++ b/lang/java/maven-plugin/src/test/resources/unit/schema/pom-jsr310.xml
@@ -65,7 +65,7 @@
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
-      <version>${jackson.version}</version>
+      <version>${jackson.databind.version}</version>
     </dependency>
   </dependencies>
 
diff --git a/lang/java/pom.xml b/lang/java/pom.xml
index d1e9b18..71464f3 100644
--- a/lang/java/pom.xml
+++ b/lang/java/pom.xml
@@ -40,7 +40,8 @@
     <!-- version properties for dependencies -->
 
     <hadoop.version>2.7.3</hadoop.version>
-    <jackson.version>2.9.8</jackson.version>
+    <jackson.version>2.9.9</jackson.version>
+    <jackson.databind.version>2.9.9.2</jackson.databind.version>
     <servlet-api.version>3.1.0</servlet-api.version>
     <jetty.version>9.4.18.v20190429</jetty.version>
     <jopt-simple.version>5.0.4</jopt-simple.version>
@@ -500,7 +501,7 @@
       <dependency>
         <groupId>com.fasterxml.jackson.core</groupId>
         <artifactId>jackson-databind</artifactId>
-        <version>${jackson.version}</version>
+        <version>${jackson.databind.version}</version>
       </dependency>
       <dependency>
         <groupId>org.apache.velocity</groupId>


Mime
View raw message