This is an automated email from the ASF dual-hosted git repository. ijuma pushed a commit to branch 2.7 in repository https://gitbox.apache.org/repos/asf/kafka.git
commit e363c61b97e080d548f0ed5e27f32f97eb064a80 Author: Julien Jean Paul Sirocchi <[email protected]> AuthorDate: Wed Dec 16 00:26:59 2020 +0000 MINOR: Update jackson databind to 2.10.5.1 (#9702) Fixes: * DOMDeserializer: setExpandEntityReferences(false) may not prevent external entity expansion in all cases (CVE-2020-25649) Full details: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10#micro-patches Reviewers: Ismael Juma <[email protected]> --- gradle/dependencies.gradle | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle index 0a28c3a..4ea280d 100644 --- a/gradle/dependencies.gradle +++ b/gradle/dependencies.gradle @@ -67,6 +67,7 @@ versions += [ httpclient: "4.5.12", easymock: "4.2", jackson: "2.10.5", + jacksonDatabind: "2.10.5.1", jacoco: "0.8.5", jetty: "9.4.33.v20201020", jersey: "2.31", @@ -134,7 +135,7 @@ libs += [ commonsCli: "commons-cli:commons-cli:$versions.commonsCli", easymock: "org.easymock:easymock:$versions.easymock", jacksonAnnotations: "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson", - jacksonDatabind: "com.fasterxml.jackson.core:jackson-databind:$versions.jackson", + jacksonDatabind: "com.fasterxml.jackson.core:jackson-databind:$versions.jacksonDatabind", jacksonDataformatCsv: "com.fasterxml.jackson.dataformat:jackson-dataformat-csv:$versions.jackson", jacksonModuleScala: "com.fasterxml.jackson.module:jackson-module-scala_$versions.baseScala:$versions.jackson", jacksonJDK8Datatypes: "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:$versions.jackson",
