Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) (#4779)

CHANGELOG.md

@@ -11,21 +11,16 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Support for HTTP/2 (server-side) ([#3847](https://github.com/opensearch-project/OpenSearch/pull/3847))
 - BWC version 2.2.2 ([#4383](https://github.com/opensearch-project/OpenSearch/pull/4383))
 - Support for labels on version bump PRs, skip label support for changelog verifier ([#4391](https://github.com/opensearch-project/OpenSearch/pull/4391))
-
 ### Dependencies
 - Bumps `com.diffplug.spotless` from 6.9.1 to 6.10.0
 - Bumps `xmlbeans` from 5.1.0 to 5.1.1
 - Bumps `commons-configuration2` from 2.7 to 2.8
-
 ### Changed
 - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))
 - Use RemoteSegmentStoreDirectory instead of RemoteDirectory ([#4240](https://github.com/opensearch-project/OpenSearch/pull/4240))
 - Plugin ZIP publication groupId value is configurable ([#4156](https://github.com/opensearch-project/OpenSearch/pull/4156))
-
 ### Deprecated
-
 ### Removed
-
 ### Fixed
 - `opensearch-service.bat start` and `opensearch-service.bat manager` failing to run ([#4289](https://github.com/opensearch-project/OpenSearch/pull/4289))
 - PR reference to checkout code for changelog verifier ([#4296](https://github.com/opensearch-project/OpenSearch/pull/4296))
@@ -37,35 +32,26 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Fixed cancellation of segment replication events ([#4225](https://github.com/opensearch-project/OpenSearch/pull/4225))
 - Bugs for dependabot changelog verifier workflow ([#4364](https://github.com/opensearch-project/OpenSearch/pull/4364))
 - `opensearch.bat` fails to execute when install path includes spaces ([#4362](https://github.com/opensearch-project/OpenSearch/pull/4362))
-
 ### Security
 - CVE-2022-25857 org.yaml:snakeyaml DOS vulnerability ([#4341](https://github.com/opensearch-project/OpenSearch/pull/4341))
-
 ## [2.x]
 ### Added
 - Github workflow for changelog verification ([#4085](https://github.com/opensearch-project/OpenSearch/pull/4085))
 - Label configuration for dependabot PRs ([#4348](https://github.com/opensearch-project/OpenSearch/pull/4348))
-
 ### Changed
-
 ### Deprecated
-
 ### Removed
-
 ### Fixed
 - `opensearch-service.bat start` and `opensearch-service.bat manager` failing to run ([#4289](https://github.com/opensearch-project/OpenSearch/pull/4289))
 - PR reference to checkout code for changelog verifier ([#4296](https://github.com/opensearch-project/OpenSearch/pull/4296))
 - `opensearch.bat` and `opensearch-service.bat install` failing to run, missing logs directory ([#4305](https://github.com/opensearch-project/OpenSearch/pull/4305))
-
 ### Security
-
 ## [1.x]
 ### Added
 - Backported CODEOWNERS file and Dependabot configuration
 - Bump version to 1.3.7 ([#4701](https://github.com/opensearch-project/OpenSearch/pull/4701))
-
 ### Dependencies
 - Bumps jackson to 2.13.4 and snakeyml to 1.32 ([#4599](https://github.com/opensearch-project/OpenSearch/pull/4599))
-
+- Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) ([#4782](https://github.com/opensearch-project/OpenSearch/pull/4782))
 
 [Unreleased]: https://github.com/opensearch-project/OpenSearch/compare/2.2.0...HEAD

buildSrc/version.properties

@@ -10,7 +10,7 @@ bundled_jdk = 11.0.16+8
 spatial4j         = 0.7
 jts               = 1.15.0
 jackson           = 2.13.4
-jackson_databind  = 2.13.4
+jackson_databind  = 2.13.4.2
 snakeyaml         = 1.32
 icu4j             = 62.1
 supercsv          = 2.4.0

distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

modules/ingest-geoip/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

plugins/discovery-ec2/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

plugins/repository-azure/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

plugins/repository-hdfs/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

plugins/repository-s3/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585