Jackson 2.13.4.2 #1925

Merged (1 commit) on Oct 18, 2022

@dlvenable (Member) commented Oct 15, 2022

Description

Updates jackson-databind to 2.13.4.2 which has a fix for CVE-2022-42003.

./gradlew -p data-prepper-main dependencies | grep jackson-databind | head -n 10
|    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4 -> 2.13.4.2 (c)
|    |    +--- com.fasterxml.jackson.core:jackson-databind -> 2.13.4.2
|    |    |    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4 -> 2.13.4.2 (*)
|    |    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4.2 (c)
|    |    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4.2 (c)
|    |    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4.2 (c)
|    |    +--- com.fasterxml.jackson.core:jackson-databind -> 2.13.4.2 (*)
|    |    |    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4 -> 2.13.4.2 (*)
|    |    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4.2 (c)
|    |    |    |    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4.2 (c)

Issues Resolved

N/A

Check List

  • New functionality includes testing.
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: David Venable <[email protected]>
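
Added example, not part of this pull request or the project's build: a POSIX shell check that reads Gradle `dependencies` output like the listing in the description and fails when any resolved jackson-databind version is below the fixed 2.13.4.2. The function names and the extra line in `sample_stale` are constructed for illustration; `sample_fixed` reuses lines from the listing above.

```shell
#!/bin/sh
FLOOR="2.13.4.2"  # fixed version named in this PR

# Print the resolved version of every jackson-databind line on stdin.
# "requested -> resolved" means Gradle overrode the requested version.
resolved_versions() {
  awk '/jackson-databind/ {
    if (match($0, /-> [0-9][^ ]*/)) print substr($0, RSTART + 3, RLENGTH - 3)
    else if (match($0, /jackson-databind:[0-9][^ ]*/)) print substr($0, RSTART + 17, RLENGTH - 17)
  }'
}

# Exit 0 when dotted numeric version $1 is lower than $2 (qualifiers ignored).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, "."); len = (n > m) ? n : m
    for (i = 1; i <= len; i++) {
      xi = (i <= n) ? x[i] + 0 : 0; yi = (i <= m) ? y[i] + 0 : 0
      if (xi != yi) exit ((xi < yi) ? 0 : 1)
    }
    exit 1
  }' </dev/null
}

# 0: every resolved version >= floor; 1: one is below it; 2: none found.
check_floor() {
  resolved_versions | sort -u | (
    seen=0; bad=0
    while read -r v; do
      seen=1
      if version_lt "$v" "$1"; then
        echo "jackson-databind $v is below $1" >&2; bad=1
      fi
    done
    [ "$seen" -eq 1 ] || exit 2   # an empty tree must not pass silently
    [ "$bad" -eq 0 ]
  )
}

sample_fixed() {  # lines taken from the listing in the PR description
  cat <<'EOF'
|    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4 -> 2.13.4.2 (c)
|    |    +--- com.fasterxml.jackson.core:jackson-databind -> 2.13.4.2
|    |    +--- com.fasterxml.jackson.core:jackson-databind:2.13.4.2 (c)
EOF
}
# Constructed: the same tree plus one configuration that still resolves 2.13.4.
sample_stale() { sample_fixed; printf '%s\n' '+--- com.fasterxml.jackson.core:jackson-databind:2.13.4'; }

sample_fixed | check_floor "$FLOOR" && echo "all resolved versions >= $FLOOR"
```

In a build, pipe the real `./gradlew -p data-prepper-main dependencies` output into `check_floor` instead of the sample functions.
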
@sshivanii
Contributor

We have a Gradle build failure but it's not relevant to this fix, are we planning to ignore it?

@asifsmohammed
Collaborator

@sshivanii There is an open PR to fix the build failure: #1921

@dlvenable dlvenable merged commit 941f808 into opensearch-project:main Oct 18, 2022
opensearch-trigger-bot bot pushed a commit that referenced this pull request Oct 18, 2022
Signed-off-by: David Venable <[email protected]>
(cherry picked from commit 941f808)
@dlvenable dlvenable deleted the jackson-2.13.4.2 branch October 19, 2022 02:48
dlvenable added a commit that referenced this pull request Oct 19, 2022
Signed-off-by: David Venable <[email protected]>
(cherry picked from commit 941f808)

Co-authored-by: David Venable <[email protected]>
@dlvenable
Member Author

Per the following issue, this CVE is resolved in 2.13.4.2.

FasterXML/jackson-databind#3590
