Skip to content

KAFKA-20773: Bump jackson to 2.21.5#22793

Merged
mimaison merged 2 commits into
apache:trunkfrom
fvaleri:bump-jackson
Jul 9, 2026
Merged

KAFKA-20773: Bump jackson to 2.21.5#22793
mimaison merged 2 commits into
apache:trunkfrom
fvaleri:bump-jackson

Conversation

@fvaleri

@fvaleri fvaleri commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

This patch fixes a Jackson Databind vulnerability reported in:

https: //nvd.nist.gov/vuln/detail/CVE-2026-54515
Reviewers: Mickael Maison mickael.maison@gmail.com

This patch fixes a Jackson Databind vulnerability reported in:

https://nvd.nist.gov/vuln/detail/CVE-2026-54515

Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@github-actions github-actions Bot added build Gradle build or GitHub Actions triage PRs from the community small Small PRs labels Jul 9, 2026
Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@github-actions github-actions Bot added the dependencies Pull requests that update a dependency file label Jul 9, 2026

@mimaison mimaison left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mimaison mimaison merged commit 38924cb into apache:trunk Jul 9, 2026
20 checks passed
mimaison pushed a commit that referenced this pull request Jul 9, 2026
This patch fixes a Jackson Databind vulnerability reported in:

https: //nvd.nist.gov/vuln/detail/CVE-2026-54515
Reviewers: Mickael Maison <mickael.maison@gmail.com>

---------

Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
mimaison pushed a commit that referenced this pull request Jul 9, 2026
This patch fixes a Jackson Databind vulnerability reported in:

https: //nvd.nist.gov/vuln/detail/CVE-2026-54515
Reviewers: Mickael Maison <mickael.maison@gmail.com>

---------

Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@mimaison

mimaison commented Jul 9, 2026

Copy link
Copy Markdown
Member

Backported to:

@fvaleri fvaleri deleted the bump-jackson branch July 9, 2026 14:04
@github-actions github-actions Bot removed the triage PRs from the community label Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

build Gradle build or GitHub Actions ci-approved dependencies Pull requests that update a dependency file small Small PRs

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants