From b7e91794ea72b4d6cd876f4b05d35a8c2e902992 Mon Sep 17 00:00:00 2001
From: Steve Loughran <stevel@cloudera.com>
Date: Fri, 7 Oct 2022 15:53:14 +0100
Subject: [PATCH] HADOOP-18468: Upgrade jettison to 1.5.1 to fix CVE-2022-40149
 (#4937)

Contributed by PJ Fanning

Change-Id: If80704a83bc3bc065be293a89b0c3bb436dcf60f
---
 LICENSE-binary         | 2 +-
 hadoop-project/pom.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/LICENSE-binary b/LICENSE-binary
index ff72d373475f7..3ff026a0d6f29 100644
--- a/LICENSE-binary
+++ b/LICENSE-binary
@@ -351,7 +351,7 @@ org.codehaus.jackson:jackson-core-asl:1.9.13
 org.codehaus.jackson:jackson-jaxrs:1.9.13
 org.codehaus.jackson:jackson-mapper-asl:1.9.13
 org.codehaus.jackson:jackson-xc:1.9.13
-org.codehaus.jettison:jettison:1.1
+org.codehaus.jettison:jettison:1.5.1
 org.eclipse.jetty:jetty-annotations:9.4.48.v20220622
 org.eclipse.jetty:jetty-http:9.4.48.v20220622
 org.eclipse.jetty:jetty-io:9.4.48.v20220622
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index feccfb12e5d8a..adc82e4c5bf7e 100644
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -1514,7 +1514,7 @@
       <dependency>
         <groupId>org.codehaus.jettison</groupId>
         <artifactId>jettison</artifactId>
-        <version>1.1</version>
+        <version>1.5.1</version>
         <exclusions>
           <exclusion>
             <groupId>stax</groupId>