This is an automated email from the ASF dual-hosted git repository.
shoothzj pushed a commit to branch branch-4.16
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/branch-4.16 by this push:
new 6fb5a39e05 Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE
list (#4345)
6fb5a39e05 is described below
commit 6fb5a39e053b7e81c2104249a2eb711f48f82446
Author: ZhangJian He <[email protected]>
AuthorDate: Thu May 9 17:58:02 2024 +0800
Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345)
---
bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt | 12 ++++++------
bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt | 12 ++++++------
bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt | 12 ++++++------
pom.xml | 8 ++++----
4 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index f77aaced45..ab8ea8bad3 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -321,9 +321,9 @@ Apache Software License, Version 2.
- lib/org.hdrhistogram-HdrHistogram-2.1.10.jar [52]
- lib/com.carrotsearch-hppc-0.9.1.jar [53]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index 4a45e43f05..1e6c1b9518 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -292,9 +292,9 @@ Apache Software License, Version 2.
- lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51]
- lib/com.carrotsearch-hppc-0.9.1.jar [52]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 6914715a13..f6f8d9783d 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -205,9 +205,9 @@
The following bundled 3rd party jars are distributed under the
Apache Software License, Version 2.
-- lib/com.fasterxml.jackson.core-jackson-annotations-2.13.4.jar [1]
-- lib/com.fasterxml.jackson.core-jackson-core-2.13.4.jar [2]
-- lib/com.fasterxml.jackson.core-jackson-databind-2.13.4.2.jar [3]
+- lib/com.fasterxml.jackson.core-jackson-annotations-2.17.1.jar [1]
+- lib/com.fasterxml.jackson.core-jackson-core-2.17.1.jar [2]
+- lib/com.fasterxml.jackson.core-jackson-databind-2.17.1.jar [3]
- lib/com.google.guava-guava-32.0.1-jre.jar [4]
- lib/com.google.guava-failureaccess-1.0.1.jar [4]
-
lib/com.google.guava-listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
[4]
@@ -317,9 +317,9 @@ Apache Software License, Version 2.
- lib/io.reactivex.rxjava3-rxjava-3.0.1.jar [51]
- lib/com.carrotsearch-hppc-0.9.1.jar [52]
-[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.13.4
-[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.13.4
-[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.13.4.2
+[1] Source available at
https://github.com/FasterXML/jackson-annotations/tree/jackson-annotations-2.17.1
+[2] Source available at
https://github.com/FasterXML/jackson-core/tree/jackson-core-2.17.1
+[3] Source available at
https://github.com/FasterXML/jackson-databind/tree/jackson-databind-2.17.1
[4] Source available at https://github.com/google/guava/tree/v32.0.1
[5] Source available at https://github.com/apache/commons-cli/tree/cli-1.2
[6] Source available at
https://github.com/apache/commons-codec/tree/commons-codec-1.6-RC2
diff --git a/pom.xml b/pom.xml
index 8f552eef42..680d711b6c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -19,7 +19,7 @@
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
- <version>29</version>
+ <version>31</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.bookkeeper</groupId>
@@ -78,14 +78,14 @@
<subscribe>[email protected]</subscribe>
<unsubscribe>[email protected]</unsubscribe>
<post>[email protected]</post>
- <archive>http://www.mail-archive.com/[email protected]</archive>
+
<archive>https://www.mail-archive.com/[email protected]</archive>
</mailingList>
<mailingList>
<name>BookKeeper Dev</name>
<subscribe>[email protected]</subscribe>
<unsubscribe>[email protected]</unsubscribe>
<post>[email protected]</post>
- <archive>http://www.mail-archive.com/[email protected]</archive>
+ <archive>https://www.mail-archive.com/[email protected]</archive>
</mailingList>
<mailingList>
<name>BookKeeper Commits</name>
@@ -138,7 +138,7 @@
<kerby.version>1.1.1</kerby.version>
<hadoop.version>3.3.5</hadoop.version>
<hdrhistogram.version>2.1.10</hdrhistogram.version>
- <jackson.version>2.13.4.20221013</jackson.version>
+ <jackson.version>2.17.1</jackson.version>
<jcommander.version>1.82</jcommander.version>
<jetty.version>9.4.53.v20231009</jetty.version>
<jmh.version>1.37</jmh.version>
