This is an automated email from the ASF dual-hosted git repository.
ijuma pushed a commit to branch 2.5
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.5 by this push:
new 3bdef99 MINOR: Update jackson databind to 2.10.5.1 (#9702)
3bdef99 is described below
commit 3bdef9944351cb07bb4330387f65725029a91742
Author: Julien Jean Paul Sirocchi <[email protected]>
AuthorDate: Wed Dec 16 00:26:59 2020 +0000
MINOR: Update jackson databind to 2.10.5.1 (#9702)
Fixes:
* DOMDeserializer: setExpandEntityReferences(false) may not prevent
external entity
expansion in all cases (CVE-2020-25649)
Full details:
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10#micro-patches
The cherry-pick to 2.5 also updated jackson from 2.10.2 to 2.10.5.
Reviewers: Ismael Juma <[email protected]>
---
gradle/dependencies.gradle | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 05644f3..6eadb6a 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -68,7 +68,8 @@ versions += [
grgit: "4.0.1",
httpclient: "4.5.11",
easymock: "4.1",
- jackson: "2.10.2",
+ jackson: "2.10.5",
+ jacksonDatabind: "2.10.5.1",
jacoco: "0.8.3",
jetty: "9.4.33.v20201020",
jersey: "2.31",
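Review bot: The new `jacksonDatabind: "2.10.5.1"` key only affects configurations that declare `libs.jacksonDatabind` directly, while the other Jackson artifacts in the `libs` hunk below (`jackson-module-scala`, `jackson-dataformat-csv`, `jackson-datatype-jdk8`) stay on `$versions.jackson` and presumably still pull in databind 2.10.5 transitively. Gradle's default conflict resolution picks the higher version only where both appear in the same configuration, so a module that uses one of those artifacts without a direct databind dependency could still resolve the release affected by CVE-2020-25649. The module build files are not visible in this diff, so this needs confirming with `gradle dependencyInsight --dependency jackson-databind` on each runtime classpath. If a gap shows up, it can be closed with `configurations.all { resolutionStrategy.force libs.jacksonDatabind }`. The split key also needs a comment so it is not left behind on the next upgrade, for example `// databind is on a micro-patch for CVE-2020-25649; fold back into versions.jackson when jackson is next bumped`.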
@@ -133,7 +134,7 @@ libs += [
commonsCli: "commons-cli:commons-cli:$versions.commonsCli",
easymock: "org.easymock:easymock:$versions.easymock",
jacksonAnnotations:
"com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
- jacksonDatabind:
"com.fasterxml.jackson.core:jackson-databind:$versions.jackson",
+ jacksonDatabind:
"com.fasterxml.jackson.core:jackson-databind:$versions.jacksonDatabind",
jacksonDataformatCsv:
"com.fasterxml.jackson.dataformat:jackson-dataformat-csv:$versions.jackson",
jacksonModuleScala:
"com.fasterxml.jackson.module:jackson-module-scala_$versions.baseScala:$versions.jackson",
jacksonJDK8Datatypes:
"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:$versions.jackson",