This is an automated email from the ASF dual-hosted git repository.
cadonna pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/3.1 by this push:
new f919d9d KAFKA-13775: CVE-2020-36518 - Upgrade jackson-databind to
2.12.6.1 (#11962)
f919d9d is described below
commit f919d9d7858e7e9bcd8b15f1501439670c2198db
Author: Edwin <[email protected]>
AuthorDate: Wed Mar 30 21:36:34 2022 +0300
KAFKA-13775: CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1 (#11962)
CVE-2020-36518 vulnerability affects jackson-databind (see
GHSA-57j2-w4cx-62h2).
Upgrading to jackson-databind version 2.12.6.1 addresses this CVE.
Reviewers: Luke Chen <[email protected]>, Bruno Cadonna <[email protected]>
---
LICENSE-binary | 2 +-
gradle/dependencies.gradle | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/LICENSE-binary b/LICENSE-binary
index 68d051b..7a15a1f 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -210,7 +210,7 @@ commons-cli-1.4
commons-lang3-3.8.1
jackson-annotations-2.12.6
jackson-core-2.12.6
-jackson-databind-2.12.6
+jackson-databind-2.12.6.1
jackson-dataformat-csv-2.12.6
jackson-datatype-jdk8-2.12.6
jackson-jaxrs-base-2.12.6
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 0d77eb9..4e2f826 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -67,6 +67,7 @@ versions += [
httpclient: "4.5.13",
easymock: "4.3",
jackson: "2.12.6",
+ jacksonDatabind: "2.12.6.1",
jacoco: "0.8.7",
javassist: "3.27.0-GA",
jetty: "9.4.44.v20210927",
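Review bot: The new `jacksonDatabind` entry has no comment saying why it diverges from `jackson`. A later bump of `jackson` could leave this pin behind, or a cleanup could fold it back into `$versions.jackson` and bring back the 2.12.6 artifact on this branch. I would add above it `// jackson-databind is pinned separately to pick up the CVE-2020-36518 fix; keep it >= 2.12.6.1 and re-align with versions.jackson once that release line includes the fix`. The `versions += [` list starts and ends outside this hunk.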
@@ -133,7 +134,7 @@ libs += [
commonsCli: "commons-cli:commons-cli:$versions.commonsCli",
easymock: "org.easymock:easymock:$versions.easymock",
jacksonAnnotations:
"com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
- jacksonDatabind:
"com.fasterxml.jackson.core:jackson-databind:$versions.jackson",
+ jacksonDatabind:
"com.fasterxml.jackson.core:jackson-databind:$versions.jacksonDatabind",
jacksonDataformatCsv:
"com.fasterxml.jackson.dataformat:jackson-dataformat-csv:$versions.jackson",
jacksonModuleScala:
"com.fasterxml.jackson.module:jackson-module-scala_$versions.baseScala:$versions.jackson",
jacksonJDK8Datatypes:
"com.fasterxml.jackson.datatype:jackson-datatype-jdk8:$versions.jackson",
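Review bot: Only the direct `jacksonDatabind` coordinate moves to the patched version; the other Jackson modules in this list stay on `$versions.jackson` (2.12.6) and presumably still declare jackson-databind 2.12.6 as their own dependency. Gradle's default resolution picks the highest requested version, so any classpath that also includes `libs.jacksonDatabind` gets 2.12.6.1, but a configuration that reaches databind only transitively could still resolve 2.12.6; that cannot be confirmed from this hunk. It is worth checking each published module with `./gradlew :<module>:dependencyInsight --dependency jackson-databind --configuration runtimeClasspath`, or enforcing the floor with a dependency constraint so the fix does not depend on which modules declare databind directly. The `libs += [` list continues outside the hunk.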