Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Jackson to 2.13.3 #5076

Merged
merged 4 commits into from
Jun 12, 2022
Merged

Update Jackson to 2.13.3 #5076

merged 4 commits into from
Jun 12, 2022

Conversation

senivam
Copy link
Contributor

@senivam senivam commented Jun 7, 2022

Signed-off-by: Maxim Nesen [email protected]

Signed-off-by: Maxim Nesen <[email protected]>
@senivam senivam self-assigned this Jun 7, 2022
@senivam senivam linked an issue Jun 7, 2022 that may be closed by this pull request
@senivam
Copy link
Contributor Author

senivam commented Jun 7, 2022

CQs:

  • 24131 - com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider
  • 24132 - com.fasterxml.jackson.jaxrs:jackson-jaxrs-base
  • 24134 - com.fasterxml.jackson.core:jackson-core
  • 24135 - com.fasterxml.jackson.core:jackson-annotations
  • 24136 - com.fasterxml.jackson.core:jackson-databind
  • 24137 - com.fasterxml.jackson.module:jackson-module-jaxb-annotations
  • 24138 - com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  • 24139 - com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider

created

@jansupol
Copy link
Contributor

jansupol commented Jun 8, 2022

I think that we need CQs for

  • com.fasterxml.jackson.core:jackson-core
  • com.fasterxml.jackson.jaxrs:jackson-jaxrs-base
  • com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider
  • com.fasterxml.jackson.module:jackson-module-jaxb-annotations
  • com.fasterxml.jackson.core:jackson-databind
  • com.fasterxml.jackson.core:jackson-annotations
  • com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  • com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider

Especially the jackson-databind module because it is where the CVE is.

@senivam
Copy link
Contributor Author

senivam commented Jun 9, 2022

I think that we need CQs for

  • com.fasterxml.jackson.core:jackson-core
  • com.fasterxml.jackson.jaxrs:jackson-jaxrs-base
  • com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider
  • com.fasterxml.jackson.module:jackson-module-jaxb-annotations
  • com.fasterxml.jackson.core:jackson-databind
  • com.fasterxml.jackson.core:jackson-annotations
  • com.fasterxml.jackson.datatype:jackson-datatype-jdk8
  • com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider

Especially the jackson-databind module because it is where the CVE is.

A full list of CQs is listed in my message above.

@jansupol
Copy link
Contributor

jansupol commented Jun 9, 2022

Please update notice file in the jackson module, too.

@jansupol jansupol added this to the 2.36 milestone Jun 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Update Jackson to 2.13.3
3 participants