Skip to content

Commit

Permalink
CVE-2019-14439: bump jackson-databind to 2.9.9.3 (#2688)
Browse files Browse the repository at this point in the history 
CVE-2019-14439: bump jackson-databind to 2.9.9.3
  • Loading branch information
@jrudolph
jrudolph authored Sep 9, 2019
2 parents d32941d + 01a4385 commit dbd58c6
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 5 deletions.
2 changes: 1 addition & 1 deletion build.sbt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -339,7 +339,7 @@ lazy val docs = project("docs")
case akka.Doc.BinVer(_) => ""
case _ => "cross CrossVersion.full"
}),
"jackson.version" -> Dependencies.jacksonVersion,
"jackson.version" -> Dependencies.jacksonXmlVersion,
"extref.akka-docs.base_url" -> s"https://doc.akka.io/docs/akka/${AkkaDependency.akkaVersion}/%s",
"extref.akka25-docs.base_url" -> s"https://doc.akka.io/docs/akka/2.5/%s",
"javadoc.akka.http.base_url" -> {
Expand Down
9 changes: 5 additions & 4 deletions project/Dependencies.scala
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@ import scala.language.implicitConversions
object Dependencies {
import DependencyHelpers._

val jacksonVersion = "2.9.9"
val jacksonDatabindVersion = "2.9.9.3"
val jacksonXmlVersion = "2.9.9"
val junitVersion = "4.12"
val h2specVersion = "1.5.0"
val h2specName = s"h2spec_${DependencyHelpers.osName}_amd64"
Expand Down Expand Up @@ -46,7 +47,7 @@ object Dependencies {
val sprayJson = "io.spray" %% "spray-json" % "1.3.5" // ApacheV2

// For akka-http-jackson support
val jackson = "com.fasterxml.jackson.core" % "jackson-databind" % jacksonVersion // ApacheV2
val jacksonDatabind = "com.fasterxml.jackson.core" % "jackson-databind" % jacksonDatabindVersion // ApacheV2

// For akka-http-testkit-java
val junit = "junit" % "junit" % junitVersion // Common Public License 1.0
Expand All @@ -60,7 +61,7 @@ object Dependencies {
object Docs {
val sprayJson = Compile.sprayJson % "test"
val gson = "com.google.code.gson" % "gson" % "2.8.5" % "test"
val jacksonXml = "com.fasterxml.jackson.dataformat" % "jackson-dataformat-xml" % jacksonVersion % "test" // ApacheV2
val jacksonXml = "com.fasterxml.jackson.dataformat" % "jackson-dataformat-xml" % jacksonXmlVersion % "test" // ApacheV2
val reflections = "org.reflections" % "reflections" % "0.9.11" % "test" // WTFPL
}

Expand Down Expand Up @@ -123,7 +124,7 @@ object Dependencies {
libraryDependencies += Test.scalatest.value
)

lazy val httpJackson = l ++= Seq(jackson)
lazy val httpJackson = l ++= Seq(jacksonDatabind)

lazy val docs = l ++= Seq(Docs.sprayJson, Docs.gson, Docs.jacksonXml, Docs.reflections)
}
Expand Down

0 comments on commit dbd58c6

Please sign in to comment.