Update Jackson Databind #1307
Jackson is updated to 2.9.9.3 with TinkerPop 3.4.4 / 3.3.9, see TINKERPOP-2275.
farodin91 added a commit to GDATASoftwareAG/janusgraph that referenced this issue Jan 29, 2020
Fixes JanusGraph#1307 Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
farodin91 added a commit that referenced this issue Jan 29, 2020
Fixes #1307 Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
LinhaoZhu added a commit to LinhaoZhu/janusgraph that referenced this issue Feb 5, 2020
* Issue JanusGraph#1871: Close graph instance at end of mapper run. Signed-off-by: Ted Wilmes <ted.wilmes@experoinc.com>
* Fixed broken dist docker-compose (updated to supported ES version) Signed-off-by: Michal Podstawski <mpodstawski@gmail.com>
* Minor code cleanup (NPEs etc) Signed-off-by: Michal Podstawski <mpodstawski@gmail.com>
* Spelling fixes * actually * amend * assumed * backend * cassandra * centric * check * cohabitors * configured * conjunction * connections * containing * control * currently * default * disabled-the * exhaust * existing * explicitly * generation * geoshape * graph-class * graph * gremlin * implement * increment * information * initial * instance * interfaces * it's * janus * labels * levenshtein * logies * message * nonexistent * overridden * overriding * parameterized * params * parsable * partitioner * password * payload * persistent * preceded * propagate * pseudo * recommended * requires * sequence * submission * temporary * truststore * unknown * upgrading * version * writing Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Add cell ttl support to BerkeleyDB Signed-off-by: Pavel Ershov <owner.mad.epa@gmail.com>
* Improve added relations containers JanusGraph#1700 Signed-off-by: Pavel Ershov <owner.mad.epa@gmail.com>
* Refactor in ES module Signed-off-by: Michał Podstawski <mpodstawski@gmail.com>
* Add fixes for TP tests on berkeley backend Signed-off-by: Pavel Ershov <owner.mad.epa@gmail.com>
* Add fixes for TP tests on berkeley backend Signed-off-by: Pavel Ershov <owner.mad.epa@gmail.com>
* Add log4j.properties to inmemory Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* JANUSGRAPH-1866 Filter out only system vertices in Hadoop Vertex deserializer Remove erroneously added unused import. Test that schema vertices are skipped. Hadoop vertices deserialization should skip schema vertices that are created implicitly when defining schema elements like labels. Correct tests for HBase Snapshot input format. Snapshot should be taken before reading the graph in order to have anything to read from. Signed-off-by: Evgeniy Ignatiev <yevgeniy.ignatyev@gmail.com>
* Update Copyright year in documentation CTR [doc only] Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
* Extract JanusGraph Gremlin driver requirements * Predicates * Geoshape * RelationIdentifier Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* Improve the CQLIterator performance by using getPagingStateUnsafe (this should avoid md5sum calculation of resultset) Signed-off-by: Ganesh Guttikonda <gguttikonda@snapfish-llc.com>
* Update to TinkerPop 3.4.4 Fixes JanusGraph#1617 Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
* upgrading inmemory backend storage layout to reduce memory footprint (JanusGraph#1483) Signed-off-by: Dmitry Kovalev <dk.global@gmail.com>
* Add testcontainers support for cassandra [full build] Fixes JanusGraph#1475 * Update jacoco * Cleanup pom.xml * Introduce profiles for Cassandra * Update TESTING.md Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* Add 'Getting Started' guide to documentation [doc only] Signed-off-by: Florian Grieskamp <florian.grieskamp@gdata.de>
* Fix installation docs missing hadoop-2 in examples CTR [doc only] Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
* JanusGraph release 0.3.3 [full build] Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
* JanusGraph release 0.4.1 [full build] Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
* [doc only] Updated in-memory backend documentation (JanusGraph#1934) to explain possible production use cases, limitations and alternatives (issue JanusGraph#1929) Signed-off-by: Dmitry Kovalev <dk.global@gmail.com>
* Split up hadoop implementations [full build] Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* Fix inmemory docs format CTR [doc only] Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
* Bump jackson2.version from 2.6.6 to 2.10.2 Fixes JanusGraph#1307 Signed-off-by: Jan Jansen <jan.jansen@gdata.de>
* Bump v0.3 branch to 0.3.4-SNAPSHOT CTR [doc only] Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
* Bump v0.4 branch to 0.4.2-SNAPSHOT CTR [doc only] Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
Co-authored-by: Ted Wilmes <twilmes@gmail.com>
Co-authored-by: micpod <57301006+micpod@users.noreply.github.com>
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
Co-authored-by: Pavel <owner.mad.epa@gmail.com>
Co-authored-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
Co-authored-by: Jan Jansen <farodin91@users.noreply.github.com>
Co-authored-by: Evgeniy Ignatiev <YevIgn@users.noreply.github.com>
Co-authored-by: gani8780 <gguttikonda@snapfish-llc.com>
Co-authored-by: Dmitry Kovalev <dk.global@gmail.com>
Co-authored-by: rngcntr <7890887+rngcntr@users.noreply.github.com>
3 com.fasterxml.jackson.core:jackson-databind vulnerabilities found in pom.xml
Remediation: Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.8.11.1 or later.
Details:
Apache TinkerPop has a similar issue with TINKERPOP-2068 (also related TINKERPOP-2016).
Most usages in JanusGraph use the shaded version from TinkerPop. The only spot where I saw a direct usage of jackson-databind was in janusgraph-codepipelines-ci.
One other aspect to be mindful of is how Hadoop and Spark handle the Jackson dependency per comments in TINKERPOP-2016.
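
The check behind the scanner finding in this issue, as an added example that is not part of the original report or the JanusGraph code base: it reads a pom.xml, resolves a property-based version such as `jackson2.version`, and compares each direct jackson-databind declaration with the remediation version 2.8.11.1. The sample pom is constructed, and shaded copies of Jackson (such as the one inside TinkerPop) are outside what this check can see.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
GROUP, ARTIFACT = "com.fasterxml.jackson.core", "jackson-databind"
FIXED_IN = "2.8.11.1"  # remediation version quoted in the issue

# Constructed sample pom (not the project's real file). The property name
# jackson2.version and the value 2.6.6 are taken from this page.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson2.version>2.6.6</jackson2.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>${jackson2.version}</version>
    </dependency>
  </dependencies>
</project>"""


def version_key(version):
    """'2.9.9.3' -> (2, 9, 9, 3); qualifiers such as '-SNAPSHOT' are ignored."""
    numeric = re.match(r"\d+(?:\.\d+)*", version).group(0)
    return tuple(int(part) for part in numeric.split("."))


def resolve(value, props):
    """Expand ${name} references from the pom's own <properties>."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def check_pom(pom_xml, fixed_in=FIXED_IN):
    """Return [(version, vulnerable)]; vulnerable is None if the version is unresolved."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}", 1)[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.iterfind(".//m:dependency", NS):
        if (dep.findtext("m:groupId", "", NS).strip(),
                dep.findtext("m:artifactId", "", NS).strip()) != (GROUP, ARTIFACT):
            continue
        version = resolve(dep.findtext("m:version", "", NS).strip(), props)
        if re.match(r"\d", version):
            findings.append((version, version_key(version) < version_key(fixed_in)))
        else:
            findings.append((version or "(inherited)", None))
    return findings
```

Versions are compared as integer tuples, so 2.8.11 sorts below 2.8.11.1 and 2.10.2 sorts above it, which a plain string comparison would get wrong.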