diff --git a/CHANGELOG.md b/CHANGELOG.md index b00eb87c11868..15e688ee324d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -71,6 +71,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Getting security exception due to access denied 'java.lang.RuntimePermission' 'accessDeclaredMembers' when trying to get snapshot with S3 IRSA ([#4469](https://github.com/opensearch-project/OpenSearch/pull/4469)) - Fixed flaky test `ResourceAwareTasksTests.testTaskIdPersistsInThreadContext` ([#4484](https://github.com/opensearch-project/OpenSearch/pull/4484)) - Fixed the ignore_malformed setting to also ignore objects ([#4494](https://github.com/opensearch-project/OpenSearch/pull/4494)) +- Updated jackson to 2.13.4 and snakeyml to 1.32 ([#4556](https://github.com/opensearch-project/OpenSearch/pull/4556)) ### Security - CVE-2022-25857 org.yaml:snakeyaml DOS vulnerability ([#4341](https://github.com/opensearch-project/OpenSearch/pull/4341)) diff --git a/buildSrc/version.properties b/buildSrc/version.properties index 072dcc4578977..aa6a14ca6e47d 100644 --- a/buildSrc/version.properties +++ b/buildSrc/version.properties @@ -9,9 +9,9 @@ bundled_jdk = 17.0.4+8 # optional dependencies spatial4j = 0.7 jts = 1.15.0 -jackson = 2.13.3 -jackson_databind = 2.13.3 -snakeyaml = 1.31 +jackson = 2.13.4 +jackson_databind = 2.13.4 +snakeyaml = 1.32 icu4j = 70.1 supercsv = 2.4.0 log4j = 2.17.1 diff --git a/client/sniffer/licenses/jackson-core-2.13.3.jar.sha1 b/client/sniffer/licenses/jackson-core-2.13.3.jar.sha1 deleted file mode 100644 index 6e0e2cf9bf2d4..0000000000000 --- a/client/sniffer/licenses/jackson-core-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -a27014716e4421684416e5fa83d896ddb87002da \ No newline at end of file diff --git a/client/sniffer/licenses/jackson-core-2.13.4.jar.sha1 b/client/sniffer/licenses/jackson-core-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..c21a7ba4d0043 --- /dev/null +++ b/client/sniffer/licenses/jackson-core-2.13.4.jar.sha1 @@ -0,0 +1 @@ +0cf934c681294b97ef6d80082faeefbe1edadf56 \ No newline at end of file diff --git a/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.3.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.3.jar.sha1 deleted file mode 100644 index 7e68b8b99757d..0000000000000 --- a/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -7198b3aac15285a49e218e08441c5f70af00fc51 \ No newline at end of file diff --git a/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.4.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..2e9425b8ff6db --- /dev/null +++ b/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.13.4.jar.sha1 @@ -0,0 +1 @@ +858c6cc78e1f08a885b1613e1d817c829df70a6e \ No newline at end of file diff --git a/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.3.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.3.jar.sha1 deleted file mode 100644 index fd75028bd141f..0000000000000 --- a/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -56deb9ea2c93a7a556b3afbedd616d342963464e \ No newline at end of file diff --git a/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.4.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..fcc6491d1f78d --- /dev/null +++ b/distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.4.jar.sha1 @@ -0,0 +1 @@ +98b0edfa8e4084078f10b7b356c300ded4a71491 \ No newline at end of file diff --git a/libs/x-content/licenses/jackson-core-2.13.3.jar.sha1 b/libs/x-content/licenses/jackson-core-2.13.3.jar.sha1 deleted file mode 100644 index 6e0e2cf9bf2d4..0000000000000 --- a/libs/x-content/licenses/jackson-core-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -a27014716e4421684416e5fa83d896ddb87002da \ No newline at end of file diff --git a/libs/x-content/licenses/jackson-core-2.13.4.jar.sha1 b/libs/x-content/licenses/jackson-core-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..c21a7ba4d0043 --- /dev/null +++ b/libs/x-content/licenses/jackson-core-2.13.4.jar.sha1 @@ -0,0 +1 @@ +0cf934c681294b97ef6d80082faeefbe1edadf56 \ No newline at end of file diff --git a/libs/x-content/licenses/jackson-dataformat-cbor-2.13.3.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-cbor-2.13.3.jar.sha1 deleted file mode 100644 index a1dd86f11312d..0000000000000 --- a/libs/x-content/licenses/jackson-dataformat-cbor-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -bf43eed9de0031521107dfea41d1e5d6bf1b9639 \ No newline at end of file diff --git a/libs/x-content/licenses/jackson-dataformat-cbor-2.13.4.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-cbor-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..f8d776d40fdb5 --- /dev/null +++ b/libs/x-content/licenses/jackson-dataformat-cbor-2.13.4.jar.sha1 @@ -0,0 +1 @@ +ccaf21e6a02a20cae6591a12d20bf310544cf3ee \ No newline at end of file diff --git a/libs/x-content/licenses/jackson-dataformat-smile-2.13.3.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-smile-2.13.3.jar.sha1 deleted file mode 100644 index 864f2da02463f..0000000000000 --- a/libs/x-content/licenses/jackson-dataformat-smile-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -b4e03e361e2388e3a8a0b68e3b9988d3a07ee3f3 \ No newline at end of file diff --git a/libs/x-content/licenses/jackson-dataformat-smile-2.13.4.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-smile-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..6d4962b0b6fa9 --- /dev/null +++ b/libs/x-content/licenses/jackson-dataformat-smile-2.13.4.jar.sha1 @@ -0,0 +1 @@ +4161a7c3914a12e7b7940ea53eb3c53e17aea91b \ No newline at end of file diff --git a/libs/x-content/licenses/jackson-dataformat-yaml-2.13.3.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-yaml-2.13.3.jar.sha1 deleted file mode 100644 index ba45b6520a1d7..0000000000000 --- a/libs/x-content/licenses/jackson-dataformat-yaml-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -9363ded5441b1fee62d5be0604035690ca759a2a \ No newline at end of file diff --git a/libs/x-content/licenses/jackson-dataformat-yaml-2.13.4.jar.sha1 b/libs/x-content/licenses/jackson-dataformat-yaml-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..312bd9ae91e4e --- /dev/null +++ b/libs/x-content/licenses/jackson-dataformat-yaml-2.13.4.jar.sha1 @@ -0,0 +1 @@ +3142ec201e878372d1561e64bd1a947d9e88a03d \ No newline at end of file diff --git a/libs/x-content/licenses/snakeyaml-1.31.jar.sha1 b/libs/x-content/licenses/snakeyaml-1.31.jar.sha1 deleted file mode 100644 index 1ac9b78b88687..0000000000000 --- a/libs/x-content/licenses/snakeyaml-1.31.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -cf26b7b05fef01e7bec00cb88ab4feeeba743e12 \ No newline at end of file diff --git a/libs/x-content/licenses/snakeyaml-1.32.jar.sha1 b/libs/x-content/licenses/snakeyaml-1.32.jar.sha1 new file mode 100644 index 0000000000000..3216ba485951a --- /dev/null +++ b/libs/x-content/licenses/snakeyaml-1.32.jar.sha1 @@ -0,0 +1 @@ +e80612549feb5c9191c498de628c1aa80693cf0b \ No newline at end of file diff --git a/modules/ingest-geoip/licenses/jackson-annotations-2.13.3.jar.sha1 b/modules/ingest-geoip/licenses/jackson-annotations-2.13.3.jar.sha1 deleted file mode 100644 index 7e68b8b99757d..0000000000000 --- a/modules/ingest-geoip/licenses/jackson-annotations-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -7198b3aac15285a49e218e08441c5f70af00fc51 \ No newline at end of file diff --git a/modules/ingest-geoip/licenses/jackson-annotations-2.13.4.jar.sha1 b/modules/ingest-geoip/licenses/jackson-annotations-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..2e9425b8ff6db --- /dev/null +++ b/modules/ingest-geoip/licenses/jackson-annotations-2.13.4.jar.sha1 @@ -0,0 +1 @@ +858c6cc78e1f08a885b1613e1d817c829df70a6e \ No newline at end of file diff --git a/modules/ingest-geoip/licenses/jackson-databind-2.13.3.jar.sha1 b/modules/ingest-geoip/licenses/jackson-databind-2.13.3.jar.sha1 deleted file mode 100644 index fd75028bd141f..0000000000000 --- a/modules/ingest-geoip/licenses/jackson-databind-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -56deb9ea2c93a7a556b3afbedd616d342963464e \ No newline at end of file diff --git a/modules/ingest-geoip/licenses/jackson-databind-2.13.4.jar.sha1 b/modules/ingest-geoip/licenses/jackson-databind-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..fcc6491d1f78d --- /dev/null +++ b/modules/ingest-geoip/licenses/jackson-databind-2.13.4.jar.sha1 @@ -0,0 +1 @@ +98b0edfa8e4084078f10b7b356c300ded4a71491 \ No newline at end of file diff --git a/plugins/discovery-ec2/licenses/jackson-annotations-2.13.3.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-annotations-2.13.3.jar.sha1 deleted file mode 100644 index 7e68b8b99757d..0000000000000 --- a/plugins/discovery-ec2/licenses/jackson-annotations-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -7198b3aac15285a49e218e08441c5f70af00fc51 \ No newline at end of file diff --git a/plugins/discovery-ec2/licenses/jackson-annotations-2.13.4.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-annotations-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..2e9425b8ff6db --- /dev/null +++ b/plugins/discovery-ec2/licenses/jackson-annotations-2.13.4.jar.sha1 @@ -0,0 +1 @@ +858c6cc78e1f08a885b1613e1d817c829df70a6e \ No newline at end of file diff --git a/plugins/discovery-ec2/licenses/jackson-databind-2.13.3.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-databind-2.13.3.jar.sha1 deleted file mode 100644 index fd75028bd141f..0000000000000 --- a/plugins/discovery-ec2/licenses/jackson-databind-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -56deb9ea2c93a7a556b3afbedd616d342963464e \ No newline at end of file diff --git a/plugins/discovery-ec2/licenses/jackson-databind-2.13.4.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-databind-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..fcc6491d1f78d --- /dev/null +++ b/plugins/discovery-ec2/licenses/jackson-databind-2.13.4.jar.sha1 @@ -0,0 +1 @@ +98b0edfa8e4084078f10b7b356c300ded4a71491 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-annotations-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-annotations-2.13.3.jar.sha1 deleted file mode 100644 index 7e68b8b99757d..0000000000000 --- a/plugins/repository-azure/licenses/jackson-annotations-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -7198b3aac15285a49e218e08441c5f70af00fc51 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-annotations-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-annotations-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..2e9425b8ff6db --- /dev/null +++ b/plugins/repository-azure/licenses/jackson-annotations-2.13.4.jar.sha1 @@ -0,0 +1 @@ +858c6cc78e1f08a885b1613e1d817c829df70a6e \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-databind-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-databind-2.13.3.jar.sha1 deleted file mode 100644 index fd75028bd141f..0000000000000 --- a/plugins/repository-azure/licenses/jackson-databind-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -56deb9ea2c93a7a556b3afbedd616d342963464e \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-databind-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-databind-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..fcc6491d1f78d --- /dev/null +++ b/plugins/repository-azure/licenses/jackson-databind-2.13.4.jar.sha1 @@ -0,0 +1 @@ +98b0edfa8e4084078f10b7b356c300ded4a71491 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.3.jar.sha1 deleted file mode 100644 index 9573bd151ec15..0000000000000 --- a/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -ec52dc41977a927a6ff175042576d716cd55c7c5 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..0d3864bb0c7eb --- /dev/null +++ b/plugins/repository-azure/licenses/jackson-dataformat-xml-2.13.4.jar.sha1 @@ -0,0 +1 @@ +b739978806ffc80967ba0efe43b1296c29c4cfe8 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.3.jar.sha1 deleted file mode 100644 index b69547107e017..0000000000000 --- a/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -ad2f4c61aeb9e2a8bb5e4a3ed782cfddec52d972 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..fb193b3e0fd8a --- /dev/null +++ b/plugins/repository-azure/licenses/jackson-datatype-jsr310-2.13.4.jar.sha1 @@ -0,0 +1 @@ +0e6d820112871f33cd94a1dcc54eef58874753b5 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.3.jar.sha1 b/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.3.jar.sha1 deleted file mode 100644 index 338017f52141c..0000000000000 --- a/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -1dba7b89605c64026f60ccf1116d3766039fcab0 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.4.jar.sha1 b/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..d576f94eea9c4 --- /dev/null +++ b/plugins/repository-azure/licenses/jackson-module-jaxb-annotations-2.13.4.jar.sha1 @@ -0,0 +1 @@ +da90f334c1e752342f2dedb59880d5d46b29fe03 \ No newline at end of file diff --git a/plugins/repository-hdfs/licenses/jackson-databind-2.13.3.jar.sha1 b/plugins/repository-hdfs/licenses/jackson-databind-2.13.3.jar.sha1 deleted file mode 100644 index fd75028bd141f..0000000000000 --- a/plugins/repository-hdfs/licenses/jackson-databind-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -56deb9ea2c93a7a556b3afbedd616d342963464e \ No newline at end of file diff --git a/plugins/repository-hdfs/licenses/jackson-databind-2.13.4.jar.sha1 b/plugins/repository-hdfs/licenses/jackson-databind-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..fcc6491d1f78d --- /dev/null +++ b/plugins/repository-hdfs/licenses/jackson-databind-2.13.4.jar.sha1 @@ -0,0 +1 @@ +98b0edfa8e4084078f10b7b356c300ded4a71491 \ No newline at end of file diff --git a/plugins/repository-s3/licenses/jackson-annotations-2.13.3.jar.sha1 b/plugins/repository-s3/licenses/jackson-annotations-2.13.3.jar.sha1 deleted file mode 100644 index 7e68b8b99757d..0000000000000 --- a/plugins/repository-s3/licenses/jackson-annotations-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -7198b3aac15285a49e218e08441c5f70af00fc51 \ No newline at end of file diff --git a/plugins/repository-s3/licenses/jackson-annotations-2.13.4.jar.sha1 b/plugins/repository-s3/licenses/jackson-annotations-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..2e9425b8ff6db --- /dev/null +++ b/plugins/repository-s3/licenses/jackson-annotations-2.13.4.jar.sha1 @@ -0,0 +1 @@ +858c6cc78e1f08a885b1613e1d817c829df70a6e \ No newline at end of file diff --git a/plugins/repository-s3/licenses/jackson-databind-2.13.3.jar.sha1 b/plugins/repository-s3/licenses/jackson-databind-2.13.3.jar.sha1 deleted file mode 100644 index fd75028bd141f..0000000000000 --- a/plugins/repository-s3/licenses/jackson-databind-2.13.3.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -56deb9ea2c93a7a556b3afbedd616d342963464e \ No newline at end of file diff --git a/plugins/repository-s3/licenses/jackson-databind-2.13.4.jar.sha1 b/plugins/repository-s3/licenses/jackson-databind-2.13.4.jar.sha1 new file mode 100644 index 0000000000000..fcc6491d1f78d --- /dev/null +++ b/plugins/repository-s3/licenses/jackson-databind-2.13.4.jar.sha1 @@ -0,0 +1 @@ +98b0edfa8e4084078f10b7b356c300ded4a71491 \ No newline at end of file