diff options
author | Edwin Hobor <edwinhobor@gmail.com> | 2022-03-31 00:27:23 +0530 |
---|---|---|
committer | Mohammad Arshad <arshad@apache.org> | 2022-03-31 00:27:52 +0530 |
commit | 0db19ed33ab31cc1fa20486dfd77719b867423e5 (patch) | |
tree | 75d592110b1b628396dda565b997eb2b3627ecb4 | |
parent | 9310338f70748569c5690df87082820aff1b9ea4 (diff) | |
download | zookeeper-0db19ed33ab31cc1fa20486dfd77719b867423e5.tar.gz |
ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
CVE-2020-36518 vulnerability affects jackson-databind in Zookeeper (see https://github.com/advisories/GHSA-57j2-w4cx-62h2).
Upgrading to jackson-databind version 2.13.2.1 should address this issue.
Author: Edwin Hobor <edwinhobor@gmail.com>
Reviewers: maoling <maoling@apache.org>,Enrico Olivelli <eolivelli@apache.org>, Mohammad Arshad <arshad@apache.org>
Closes #1842 from edwin092/edwin/ZOOKEEPER-4505
(cherry picked from commit 78bbb123cfcbdd8da9d118f08b49d1d00c43f53d)
Signed-off-by: Mohammad Arshad <arshad@apache.org>
-rwxr-xr-x | pom.xml | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -470,7 +470,7 @@ <netty.version>4.1.73.Final</netty.version> <netty.tcnative.version>2.0.48.Final</netty.tcnative.version> <jetty.version>9.4.43.v20210629</jetty.version> - <jackson.version>2.13.1</jackson.version> + <jackson.version>2.13.2.1</jackson.version> <jline.version>2.14.6</jline.version> <snappy.version>1.1.7.7</snappy.version> <kerby.version>2.0.0</kerby.version> |