Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list #4345

Merged
merged 2 commits into from
May 9, 2024
Merged

Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list #4345

merged 2 commits into from
May 9, 2024

Conversation

shoothzj
Copy link
Member

@shoothzj shoothzj commented May 6, 2024
edited

changes

  • CVE-2023-5072(7.5), CVE-2022-45688(7.5)
  • Also bump apache from 29 to 32, it will update some maven plugins(like maven-shade-plugin), to support jdk21

@shoothzj shoothzj changed the title Bump jackson from 2.13.4.20221013 to 2.17.1 address CVE list Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list May 7, 2024
@shoothzj
Copy link
Member Author

shoothzj commented May 7, 2024

we might need to switch to jdk17 for build. I will open a discuss latter

@shoothzj
Copy link
Member Author

shoothzj commented May 9, 2024
edited

we might need to switch to jdk17 for build. I will open a discuss latter

maven-shade-plugin needs to update to support jdk21. org.apache:apache needs to be updated.

@shoothzj
Bump apache from 29 to 32 to make maven plugins support jdk21
8beb24c 
Signed-off-by: ZhangJian He <shoothzj@gmail.com>
@shoothzj
Bump apache from 29 to 31 to make maven plugins support jdk21
f5c3a91 
Signed-off-by: ZhangJian He <shoothzj@gmail.com>
eolivelli
eolivelli approved these changes May 9, 2024
View reviewed changes
Copy link
Contributor

@eolivelli eolivelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@eolivelli eolivelli merged commit c2df54d into apache:master May 9, 2024
21 checks passed
@shoothzj shoothzj deleted the jackson-2-17-1 branch May 9, 2024 10:47
shoothzj added a commit that referenced this pull request May 9, 2024
@shoothzj
Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345)
6fb5a39
shoothzj added a commit that referenced this pull request May 9, 2024
@shoothzj
Bump jackson from 2.13.4.20221013 to 2.17.1 to address CVE list (#4345)
6c042fb
@hangc0276 hangc0276 added this to the 4.18.0 milestone May 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eolivelli eolivelli eolivelli approved these changes

Assignees

@shoothzj shoothzj

Labels
cherry-picked/branch-4.16 cherry-picked/branch-4.17 release/4.16.6 release/4.17.1
Projects
None yet
Milestone
4.18.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@shoothzj @eolivelli @hangc0276