root
/
kafka
mirror of https://github.com/apache/kafka.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity

KAFKA-13775: CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1 (#11962) 

CVE-2020-36518 vulnerability affects jackson-databind (see GHSA-57j2-w4cx-62h2).

Upgrading to jackson-databind version 2.12.6.1 addresses this CVE.

Reviewers: Luke Chen <showuon@gmail.com>, Bruno Cadonna <cadonna@apache.org>
This commit is contained in:
Edwin 2022-03-30 21:36:34 +03:00 committed by GitHub
parent bb60eb86e1
commit 76ca62a396
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
LICENSE-binary
View File

@ -210,7 +210,7 @@ commons-cli-1.4
commons-lang3-3.8.1 commons-lang3-3.8.1
jackson-annotations-2.12.3 jackson-annotations-2.12.3
jackson-core-2.12.3 jackson-core-2.12.3
jackson-databind-2.12.3 jackson-databind-2.12.6.1
jackson-dataformat-csv-2.12.3 jackson-dataformat-csv-2.12.3
jackson-datatype-jdk8-2.12.3 jackson-datatype-jdk8-2.12.3
jackson-jaxrs-base-2.12.3 jackson-jaxrs-base-2.12.3

3
gradle/dependencies.gradle
View File

@ -67,6 +67,7 @@ versions += [
httpclient: "4.5.13", httpclient: "4.5.13",
easymock: "4.3", easymock: "4.3",
jackson: "2.12.6", jackson: "2.12.6",
jacksonDatabind: "2.12.6.1",
jacoco: "0.8.7", jacoco: "0.8.7",
javassist: "3.27.0-GA", javassist: "3.27.0-GA",
jetty: "9.4.44.v20210927", jetty: "9.4.44.v20210927",
@ -135,7 +136,7 @@ libs += [
commonsCli: "commons-cli:commons-cli:$versions.commonsCli", commonsCli: "commons-cli:commons-cli:$versions.commonsCli",
easymock: "org.easymock:easymock:$versions.easymock", easymock: "org.easymock:easymock:$versions.easymock",
jacksonAnnotations: "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson", jacksonAnnotations: "com.fasterxml.jackson.core:jackson-annotations:$versions.jackson",
jacksonDatabind: "com.fasterxml.jackson.core:jackson-databind:$versions.jackson", jacksonDatabind: "com.fasterxml.jackson.core:jackson-databind:$versions.jacksonDatabind",
jacksonDataformatCsv: "com.fasterxml.jackson.dataformat:jackson-dataformat-csv:$versions.jackson", jacksonDataformatCsv: "com.fasterxml.jackson.dataformat:jackson-dataformat-csv:$versions.jackson",
jacksonModuleScala: "com.fasterxml.jackson.module:jackson-module-scala_$versions.baseScala:$versions.jackson", jacksonModuleScala: "com.fasterxml.jackson.module:jackson-module-scala_$versions.baseScala:$versions.jackson",
jacksonJDK8Datatypes: "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:$versions.jackson", jacksonJDK8Datatypes: "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:$versions.jackson",