This is an automated email from the ASF dual-hosted git repository. zjffdu pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push: new caeb9e2 [ZEPPELIN-5027] upgrade jackson due to CVEs caeb9e2 is described below commit caeb9e2e08d8f19c44abe7a9695d05eb690a7298 Author: PJ Fanning <pjfann...@users.noreply.github.com> AuthorDate: Mon Mar 21 13:00:56 2022 +0100 [ZEPPELIN-5027] upgrade jackson due to CVEs ### What is this PR for? Existing jackson dependencies have CVEs ### What type of PR is it? Bug Fix ### Todos * [ ] - Task ### What is the Jira issue? * https://issues.apache.org/jira/browse/ZEPPELIN-5027 ### How should this be tested? * Strongly recommended: add automated unit tests for any new or changed behavior * Outline any manual steps to test the PR here. ### Screenshots (if appropriate) ### Questions: * Does the licenses files need update? * Is there breaking changes for older versions? * Does this needs documentation? Author: PJ Fanning <pjfann...@users.noreply.github.com> Closes #4325 from pjfanning/patch-2 and squashes the following commits: 5e3603c618 [PJ Fanning] upgrade jackson used with neo4j c780799ec7 [PJ Fanning] Update LICENSE af6ce8ba99 [PJ Fanning] [ZEPPELIN-5027] upgrade jackson due to CVEs --- neo4j/pom.xml | 2 +- zeppelin-distribution/src/bin_license/LICENSE | 2 +- zeppelin-server/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/neo4j/pom.xml b/neo4j/pom.xml index 389d52c..93f695d 100644 --- a/neo4j/pom.xml +++ b/neo4j/pom.xml @@ -33,7 +33,7 @@ <properties> <neo4j.driver.version>4.1.1</neo4j.driver.version> - <jackson.version>2.10.3</jackson.version> + <jackson.version>2.10.5.1</jackson.version> <interpreter.name>neo4j</interpreter.name> </properties> diff --git a/zeppelin-distribution/src/bin_license/LICENSE b/zeppelin-distribution/src/bin_license/LICENSE index 583b8c0..a1d7b4f 100644 --- a/zeppelin-distribution/src/bin_license/LICENSE +++ b/zeppelin-distribution/src/bin_license/LICENSE 
@@ -53,7 +53,7 @@ The following components are provided under Apache License. (Apache 2.0) Google Guava (com.google.guava:guava:15.0 - https://code.google.com/p/guava-libraries/) (Apache 2.0) Jackson (com.fasterxml.jackson.core:jackson-core:2.9.10 - https://github.com/FasterXML/jackson-core) (Apache 2.0) Jackson (com.fasterxml.jackson.core:jackson-annotations:2.9.10 - https://github.com/FasterXML/jackson-core) - (Apache 2.0) Jackson (com.fasterxml.jackson.core:jackson-databind:2.9.10.6 - https://github.com/FasterXML/jackson-core) + (Apache 2.0) Jackson (com.fasterxml.jackson.core:jackson-databind:2.9.10.8 - https://github.com/FasterXML/jackson-core) (Apache 2.0) Jackson Mapper ASL (org.codehaus.jackson:jackson-mapper-asl:1.9.13 - https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl/1.9.13) (Apache 2.0) javax.servlet (org.eclipse.jetty.orbit:javax.servlet:jar:3.1.0.v201112011016 - http://www.eclipse.org/jetty) (Apache 2.0) Jackson (org.codehaus.jackson:jackson-core-asl:1.9.13 - http://jackson.codehaus.org/) diff --git a/zeppelin-server/pom.xml b/zeppelin-server/pom.xml index 2099047..db0ba1e 100644 --- a/zeppelin-server/pom.xml +++ b/zeppelin-server/pom.xml @@ -38,7 +38,7 @@ <javax.ws.rsapi.version>2.1</javax.ws.rsapi.version> <libpam4j.version>1.11</libpam4j.version> <jna.version>4.1.0</jna.version> - <jackson.version>2.9.10.6</jackson.version> + <jackson.version>2.9.10.8</jackson.version> <nimbus.version>9.13</nimbus.version> <kerberos.version>2.0.0-M15</kerberos.version>
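Review bot: in the neo4j/pom.xml hunk, the new value in `<jackson.version>2.10.5.1</jackson.version>` is a four-part micro-patch version, and Jackson micro-patch releases of this form are normally published only for jackson-databind, not for jackson-core or jackson-annotations. The hunk does not show where the property is consumed, so confirm it is applied to jackson-databind only. If any other Jackson artifact in this module uses it, give that artifact its own property, otherwise dependency resolution will fail.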
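Review bot: in the zeppelin-distribution/src/bin_license/LICENSE hunk, the edited jackson-databind entry still links to https://github.com/FasterXML/jackson-core, as does the jackson-annotations context line above it. Since the databind line is being changed anyway, point it at the jackson-databind repository. The hunk also records only 2.9.10.8, while neo4j/pom.xml moves to 2.10.5.1 in the same commit, so check whether the Jackson version bundled with the neo4j interpreter is listed elsewhere in this file and needs the same update.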
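Review bot: in the zeppelin-server/pom.xml hunk, `jackson.version` becomes 2.9.10.8 while neo4j/pom.xml in the same commit sets a property of the same name to 2.10.5.1, so one property name now carries two release lines and every future CVE bump has to be repeated per module. Consider managing the Jackson version once in the parent POM, or add a comment here on why this module stays on 2.9.x. The commit message says "due to CVEs" without naming them, so list the advisories in the Jira issue or the PR to let a reviewer verify that 2.9.10.8 actually covers them.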