Skip to content

Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list#4345

Merged
eolivelli merged 2 commits intoapache:masterfrom
hezhangjian:jackson-2-17-1
May 9, 2024
Merged

Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list#4345
eolivelli merged 2 commits intoapache:masterfrom
hezhangjian:jackson-2-17-1

Conversation

@hezhangjian
Copy link
Member

@hezhangjian hezhangjian commented May 6, 2024
edited
Loading

changes

  • CVE-2023-5072(7.5), CVE-2022-45688(7.5)
  • Also bump apache from 29 to 32, it will update some maven plugins(like maven-shade-plugin), to support jdk21

@hezhangjian hezhangjian changed the title Bump jackson from 2.13.4.20221013 to 2.17.1 address CVE list Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list May 7, 2024
@hezhangjian
Copy link
Member Author

hezhangjian commented May 7, 2024

we might need to switch to jdk17 for build. I will open a discuss latter

@hezhangjian
Copy link
Member Author

hezhangjian commented May 9, 2024
edited
Loading

we might need to switch to jdk17 for build. I will open a discuss latter

maven-shade-plugin needs to update to support jdk21. org.apache:apache needs to be updated.

ZhangJian He added 2 commits May 9, 2024 15:55
Bump apache from 29 to 32 to make maven plugins support jdk21
8beb24c 
Signed-off-by: ZhangJian He <shoothzj@gmail.com>
Bump apache from 29 to 31 to make maven plugins support jdk21
f5c3a91 
Signed-off-by: ZhangJian He <shoothzj@gmail.com>
eolivelli
eolivelli approved these changes May 9, 2024
View reviewed changes
Copy link
Contributor

@eolivelli eolivelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eolivelli eolivelli merged commit c2df54d into apache:master May 9, 2024
@hezhangjian hezhangjian deleted the jackson-2-17-1 branch May 9, 2024 10:47
hezhangjian pushed a commit that referenced this pull request May 9, 2024
Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345)
6fb5a39
hezhangjian pushed a commit that referenced this pull request May 9, 2024
Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345)
6c042fb
@hangc0276 hangc0276 added this to the 4.18.0 milestone May 25, 2024
Ghatage pushed a commit to sijie/bookkeeper that referenced this pull request Jul 12, 2024
Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (apac…
8236257 
…he#4345)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eolivelli eolivelli eolivelli approved these changes

Assignees

@hezhangjian hezhangjian

Labels

cherry-picked/branch-4.16 cherry-picked/branch-4.17 release/4.16.6 release/4.17.1

Projects

None yet

Milestone

4.18.0

Development

Successfully merging this pull request may close these issues.

3 participants

@hezhangjian @eolivelli @hangc0276

Comments