HBASE-27423 Upgrade Jackson for CVE-2022-42003/42004

apache · Nov 15, 2022 · 961f26a · 961f26a
1 parent e5463e8
commit 961f26a
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/pom.xml b/pom.xml
@@ -799,8 +799,8 @@
     <httpclient.version>4.5.13</httpclient.version>
     <httpcore.version>4.4.13</httpcore.version>
     <metrics-core.version>3.2.6</metrics-core.version>
-    <jackson.version>2.13.4</jackson.version>
-    <jackson.databind.version>2.13.4</jackson.databind.version>
+    <jackson.version>2.14.0</jackson.version>
+    <jackson.databind.version>2.14.0</jackson.databind.version>
     <jaxb-api.version>2.3.1</jaxb-api.version>
     <servlet.api.version>3.1.0</servlet.api.version>
     <wx.rs.api.version>2.1.1</wx.rs.api.version>
@@ -867,7 +867,7 @@
     <snappy.version>1.1.8.4</snappy.version>
     <xz.version>1.9</xz.version>
     <zstd-jni.version>1.5.0-4</zstd-jni.version>
-    <hbase-thirdparty.version>4.1.2</hbase-thirdparty.version>
+    <hbase-thirdparty.version>4.1.3</hbase-thirdparty.version>
     <!-- Intraproject jar naming properties -->
     <!-- TODO this is pretty ugly, but works for the moment.
       Modules are pretty heavy-weight things, so doing this work isn't too bad. -->