JAVA-3100: Update jackson-databind to 2.13.4.1 and (#1694)
jackson-jaxrs-json-provider to 2.13.4 to address recent CVEs

Additional:
- Remove unused maven property legacy-jackson.version
hhughes authored Aug 10, 2023
1 parent ec93ef9 commit 60c9cbc
Showing 2 changed files with 8 additions and 3 deletions.
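--- a/core/revapi.json
+++ b/core/revapi.json
@@ -6950,6 +6950,12 @@
 "old": "method <T> com.datastax.oss.driver.api.core.type.reflect.GenericType<com.datastax.oss.driver.api.core.data.CqlVector<T>> com.datastax.oss.driver.api.core.type.reflect.GenericType<T>::vectorOf(com.datastax.oss.driver.api.core.type.reflect.GenericType<T>)",
 "new": "method <T extends java.lang.Number> com.datastax.oss.driver.api.core.type.reflect.GenericType<com.datastax.oss.driver.api.core.data.CqlVector<T>> com.datastax.oss.driver.api.core.type.reflect.GenericType<T>::vectorOf(com.datastax.oss.driver.api.core.type.reflect.GenericType<T>)",
 "justification": "Refactorings in PR 1666"
+},
+{
+"code": "java.method.returnTypeChangedCovariantly",
+"old": "method java.lang.Throwable java.lang.Throwable::fillInStackTrace() @ com.fasterxml.jackson.databind.deser.UnresolvedForwardReference",
+"new": "method com.fasterxml.jackson.databind.deser.UnresolvedForwardReference com.fasterxml.jackson.databind.deser.UnresolvedForwardReference::fillInStackTrace()",
+"justification": "Upgrade jackson-databind to 2.13.4.1 to address CVEs, API change cause: https://github.com/FasterXML/jackson-databind/issues/3419"
 }
 ]
 }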
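Review bot: The new ignore entry's justification says only "to address CVEs", so a later audit of this suppression list cannot tell which advisories forced the upgrade; name them in the string, e.g. `"justification": "Upgrade jackson-databind to 2.13.4.1 to address <CVE-ID(s)>, API change cause: https://github.com/FasterXML/jackson-databind/issues/3419"`. That Revapi reports a return-type change on `UnresolvedForwardReference::fillInStackTrace()` at all suggests jackson-databind types are reachable from the driver's checked API surface, so later security bumps of that dependency will probably need similar entries. If that exposure is not intended, it may be worth excluding the package from the API check instead of accumulating per-method ignores; the rest of the ignore list lies outside this hunk, so this could not be confirmed here.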
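--- a/pom.xml
+++ b/pom.xml
@@ -57,9 +57,8 @@
 <slf4j.version>1.7.26</slf4j.version>
 <reactive-streams.version>1.0.3</reactive-streams.version>
 <json.version>20230227</json.version>
-<jackson.version>2.13.2</jackson.version>
-<jackson-databind.version>2.13.2.2</jackson-databind.version>
-<legacy-jackson.version>1.9.12</legacy-jackson.version>
+<jackson.version>2.13.4</jackson.version>
+<jackson-databind.version>2.13.4.1</jackson-databind.version>
 <!-- optional dependencies -->
 <snappy.version>1.1.10.1</snappy.version>
 <lz4.version>1.7.1</lz4.version>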
