[knox] branch master updated: KNOX-1939 - Upgrade jackson-databind to 2.9.9.1

krisden Thu, 25 Jul 2019 07:49:24 -0700

This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git



The following commit(s) were added to refs/heads/master by this push:
     new 6b080d8  KNOX-1939 - Upgrade jackson-databind to 2.9.9.1
6b080d8 is described below

commit 6b080d8fe298fdca33b3479c8a78e0d4ab8e82d0
Author: Zsombor Gegesy <zsom...@apache.org>
AuthorDate: Thu Jul 25 14:29:29 2019 +0200

    KNOX-1939 - Upgrade jackson-databind to 2.9.9.1
    
    Change-Id: Id13def45fa51f9c114497d48b91c909790ae31d3
    Signed-off-by: Kevin Risden <kris...@apache.org>
---
 pom.xml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 94c82b9..ea85896 100644
--- a/pom.xml
+++ b/pom.xml
@@ -183,6 +183,11 @@
         <httpcore.version>4.4.11</httpcore.version>
         <j2e-pac4j.version>4.1.0</j2e-pac4j.version>
         <jackson.version>2.9.9</jackson.version>
+        <!--
+          jackson-databind released a small bug fix for a CVE
+          remove the extra version when jackson version is bumped to 2.10.x
+        -->
+        <jackson-databind.version>2.9.9.1</jackson-databind.version>
         <jacoco-maven-plugin.version>0.8.4</jacoco-maven-plugin.version>
         <jansi.version>1.18</jansi.version>
         <javax.activation.version>1.2.0</javax.activation.version>
@@ -1457,7 +1462,7 @@
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
                 <artifactId>jackson-databind</artifactId>
-                <version>${jackson.version}</version>
+                <version>${jackson-databind.version}</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.dataformat</groupId>

[knox] branch master updated: KNOX-1939 - Upgrade jackson-databind to 2.9.9.1

Reply via email to