Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Upgrade Jackson to 2.12.6 #13694

Merged
merged 2 commits into from
Jan 10, 2022
Merged

[Security] Upgrade Jackson to 2.12.6 #13694

merged 2 commits into from
Jan 10, 2022

Conversation

lhotari
Copy link
Member

@lhotari lhotari commented Jan 10, 2022

Motivation

Sonatype Nexus IQ server flags Jackson 2.12.3 vulnerable with id SONATYPE-2021-4682. The issue is a DoS vulnerability FasterXML/jackson-databind#3328 .

Modifications

  • upgrade Jackson from 2.12.3 to 2.12.6

@lhotari lhotari added area/security doc-not-needed Your PR changes do not impact docs labels Jan 10, 2022
@lhotari lhotari self-assigned this Jan 10, 2022
@lhotari lhotari added this to the 2.10.0 milestone Jan 10, 2022
@hezhangjian
Copy link
Member

needed to change license txt

nicoloboschi
nicoloboschi approved these changes Jan 10, 2022
View reviewed changes
Copy link
Contributor

@nicoloboschi nicoloboschi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

lhotari added a commit to datastax/pulsar that referenced this pull request Jan 10, 2022
@lhotari
[Security] Upgrade Jackson to 2.12.6 (apache#13694)
56f2761
eolivelli
eolivelli approved these changes Jan 10, 2022
View reviewed changes
Copy link
Contributor

@eolivelli eolivelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@eolivelli
Copy link
Contributor

@gaoran10 please cherry pick this before cutting 2.9.2

@lhotari lhotari merged commit f8a9159 into apache:master Jan 10, 2022
liudezhi2098 pushed a commit to liudezhi2098/pulsar that referenced this pull request Jan 11, 2022
@lhotari @liudezhi2098
[Security] Upgrade Jackson to 2.12.6 (apache#13694)
f82cf2b 
* [Security] Upgrade Jackson to 2.12.6

* update LICENSE files
codelipenghui pushed a commit that referenced this pull request Jan 18, 2022
@lhotari @codelipenghui
[Security] Upgrade Jackson to 2.12.6 (#13694)
69e0499 
* [Security] Upgrade Jackson to 2.12.6

* update LICENSE files

(cherry picked from commit f8a9159)
@codelipenghui codelipenghui added the cherry-picked/branch-2.9 Archived: 2.9 is end of life label Jan 18, 2022
codelipenghui pushed a commit that referenced this pull request Jan 18, 2022
@lhotari @codelipenghui
[Security] Upgrade Jackson to 2.12.6 (#13694)
e34b224 
* [Security] Upgrade Jackson to 2.12.6

* update LICENSE files
@codelipenghui codelipenghui added the cherry-picked/branch-2.8 Archived: 2.8 is end of life label Jan 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicoloboschi nicoloboschi nicoloboschi approved these changes

@Demogorgon314 Demogorgon314 Demogorgon314 approved these changes

@hezhangjian hezhangjian hezhangjian approved these changes

@eolivelli eolivelli eolivelli approved these changes

@315157973 315157973 Awaiting requested review from 315157973

@codelipenghui codelipenghui Awaiting requested review from codelipenghui

@michaeljmarshall michaeljmarshall Awaiting requested review from michaeljmarshall

Assignees

@lhotari lhotari

Labels
area/security cherry-picked/branch-2.8 Archived: 2.8 is end of life cherry-picked/branch-2.9 Archived: 2.9 is end of life doc-not-needed Your PR changes do not impact docs release/2.8.3 release/2.9.2
Projects
None yet
Milestone
2.10.0
Development

Successfully merging this pull request may close these issues.
6 participants
@lhotari @hezhangjian @eolivelli @Demogorgon314 @nicoloboschi @codelipenghui