summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrederiko Costa <frederiko@gmail.com>2022-01-22 14:51:09 +0800
committermaoling <maoling@apache.org>2022-01-22 14:51:09 +0800
commitf1084cde2f977dd7dace7f77662b19ab494405b3 (patch)
treef4208024d67630030e1823a967893e2c12f592ef
parente0d9ec44a9cd76158e575d4318543825f08112ba (diff)
downloadzookeeper-f1084cde2f977dd7dace7f77662b19ab494405b3.tar.gz
ZOOKEEPER-4429: Update jackson-databind to 2.13.1
This PR updates jackson-databind to 2.13.1 to address a raised vulnerability that could possible DoS attack certain versions of Jackson. Please refer to GH issue #3328 for further info. On top of that, it also fixes now deprecated `PropertyNamingStrategy` class initialization issue #2715. Author: Frederiko Costa <frederiko@gmail.com> Reviewers: Enrico Olivelli <eolivelli@apache.org>, Shoothzj <shoothzj@gmail.com>, maoling <maoling@apache.org> Closes #1786 from frederiko/ZOOKEEPER-4429_update_jackson_databind
-rw-r--r--build.xml2
-rwxr-xr-xpom.xml2
-rw-r--r--zookeeper-server/src/main/java/org/apache/zookeeper/server/admin/JsonOutputter.java4
3 files changed, 4 insertions, 4 deletions
diff --git a/build.xml b/build.xml
index beb77442e..7c887a34a 100644
--- a/build.xml
+++ b/build.xml
@@ -55,7 +55,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
<property name="javacc.version" value="5.0"/>
<property name="jetty.version" value="9.4.43.v20210629"/>
- <property name="jackson.version" value="2.10.3"/>
+ <property name="jackson.version" value="2.13.1"/>
<property name="dependency-check-ant.version" value="5.2.4"/>
<property name="commons-io.version" value="2.6"/>
diff --git a/pom.xml b/pom.xml
index c6ddbd470..fe430cf41 100755
--- a/pom.xml
+++ b/pom.xml
@@ -299,7 +299,7 @@
<commons-cli.version>1.2</commons-cli.version>
<jetty.version>9.4.43.v20210629</jetty.version>
<netty.version>4.1.70.Final</netty.version>
- <jackson.version>2.10.5.1</jackson.version>
+ <jackson.version>2.13.1</jackson.version>
<json.version>1.1.1</json.version>
<jline.version>2.14.6</jline.version>
<snappy.version>1.1.7</snappy.version>
diff --git a/zookeeper-server/src/main/java/org/apache/zookeeper/server/admin/JsonOutputter.java b/zookeeper-server/src/main/java/org/apache/zookeeper/server/admin/JsonOutputter.java
index 566444fdb..62e83c906 100644
--- a/zookeeper-server/src/main/java/org/apache/zookeeper/server/admin/JsonOutputter.java
+++ b/zookeeper-server/src/main/java/org/apache/zookeeper/server/admin/JsonOutputter.java
@@ -21,7 +21,7 @@ package org.apache.zookeeper.server.admin;
import com.fasterxml.jackson.core.JsonGenerationException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.PropertyNamingStrategy;
+import com.fasterxml.jackson.databind.PropertyNamingStrategies;
import com.fasterxml.jackson.databind.SerializationFeature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -40,7 +40,7 @@ public class JsonOutputter implements CommandOutputter {
mapper = new ObjectMapper();
mapper.configure(SerializationFeature.WRITE_ENUMS_USING_TO_STRING, true);
mapper.configure(SerializationFeature.INDENT_OUTPUT, true);
- mapper.setPropertyNamingStrategy(PropertyNamingStrategy.SNAKE_CASE);
+ mapper.setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE);
}
@Override