This is an automated email from the ASF dual-hosted git repository. krisden pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push: new 6b080d8 KNOX-1939 - Upgrade jackson-databind to 2.9.9.1 6b080d8 is described below commit 6b080d8fe298fdca33b3479c8a78e0d4ab8e82d0 Author: Zsombor Gegesy <zsom...@apache.org> AuthorDate: Thu Jul 25 14:29:29 2019 +0200 KNOX-1939 - Upgrade jackson-databind to 2.9.9.1 Change-Id: Id13def45fa51f9c114497d48b91c909790ae31d3 Signed-off-by: Kevin Risden <kris...@apache.org> --- pom.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 94c82b9..ea85896 100644 --- a/pom.xml +++ b/pom.xml @@ -183,6 +183,11 @@ <httpcore.version>4.4.11</httpcore.version> <j2e-pac4j.version>4.1.0</j2e-pac4j.version> <jackson.version>2.9.9</jackson.version> + <!-- + jackson-databind released a small bug fix for a CVE + remove the extra version when jackson version is bumped to 2.10.x + --> + <jackson-databind.version>2.9.9.1</jackson-databind.version> <jacoco-maven-plugin.version>0.8.4</jacoco-maven-plugin.version> <jansi.version>1.18</jansi.version> <javax.activation.version>1.2.0</javax.activation.version> @@ -1457,7 +1462,7 @@ <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>${jackson.version}</version> + <version>${jackson-databind.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.dataformat</groupId>