This is an automated email from the ASF dual-hosted git repository.
cadonna pushed a commit to branch 3.2
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.2 by this push:
new a6e4260 KAFKA-13775: CVE-2020-36518 - Upgrade jackson-databind to
2.12.6.1 (#11962)
a6e4260 is described below
commit a6e4260d2321a7f16e5b5ceeb645c75c057e3cc9
Author: Edwin <[email protected]>
AuthorDate: Wed Mar 30 21:36:34 2022 +0300
KAFKA-13775: CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1 (#11962)
CVE-2020-36518 vulnerability affects jackson-databind (see
GHSA-57j2-w4cx-62h2).
Upgrading to jackson-databind version 2.12.6.1 addresses this CVE.
Reviewers: Luke Chen <[email protected]>, Bruno Cadonna <[email protected]>
---
LICENSE-binary | 2 +-
gradle/dependencies.gradle | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 42a8d79..72fa1a0 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -210,7 +210,7 @@ commons-cli-1.4
commons-lang3-3.8.1
jackson-annotations-2.12.3
jackson-core-2.12.3
-jackson-databind-2.12.3
+jackson-databind-2.12.6.1
jackson-dataformat-csv-2.12.3
jackson-datatype-jdk8-2.12.3
jackson-jaxrs-base-2.12.3
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index cd70511..6f3cb8f 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -67,6 +67,7 @@ versions += [
httpclient: "4.5.13",
easymock: "4.3",
jackson: "2.12.6",
+ jacksonDatabind: "2.12.6.1",
jacoco: "0.8.7",
javassist: "3.27.0-GA",
jetty: "9.4.44.v20210927",
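Review bot: The added `jacksonDatabind: "2.12.6.1"` entry carries no comment saying why databind is versioned apart from `jackson: "2.12.6"`, and the matching switch to `$versions.jacksonDatabind` in the `libs` hunk below is equally silent. Without that, a later bump of `jackson` alone would leave databind at 2.12.6.1, behind the rest of the family and possibly behind later security fixes. I would add above the entry `// jackson-databind has its own micro-patch release for CVE-2020-36518; drop this key and reuse versions.jackson at the next Jackson upgrade`. The other Jackson modules still use `$versions.jackson` and presumably pull databind 2.12.6 transitively, so it is worth confirming in the resolved dependency report that only 2.12.6.1 ends up on the runtime classpath. The `versions` map starts and ends outside this hunk.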
@@ -135,7 +136,7 @@ libs += [
commonsCli: "commons-cli:commons-cli:$versions.commonsCli",
easymock: "org.easymock:easymock:$versions.easymock",
jacksonAnnotations:
"com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
- jacksonDatabind:
"com.fasterxml.jackson.core:jackson-databind:$versions.jackson",
+ jacksonDatabind:
"com.fasterxml.jackson.core:jackson-databind:$versions.jacksonDatabind",
jacksonDataformatCsv:
"com.fasterxml.jackson.dataformat:jackson-dataformat-csv:$versions.jackson",
jacksonModuleScala:
"com.fasterxml.jackson.module:jackson-module-scala_$versions.baseScala:$versions.jackson",
jacksonJDK8Datatypes:
"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:$versions.jackson",