Upgraded Jackson dependencies from 2.13.1 to 2.13.4/2.13.4.2 - CVE-20…

…20-36518 CVE-2022-42003 CVE-2022-42004 Signed-off-by: Alberto Codutti <alberto.codutti@eurotech.com>
eclipse · Oct 27, 2022 · 862f9a7 · 862f9a7
1 parent c098c63
commit 862f9a7
Showing 1 changed file with 26 additions and 2 deletions.
diff --git a/pom.xml b/pom.xml
@@ -58,7 +58,7 @@
         <h2.version>1.4.199</h2.version>
         <hk2-api.version>2.5.0-b05</hk2-api.version>
         <httpcomponents.version>4.5.13</httpcomponents.version>
-        <jackson.version>2.13.1</jackson.version>
+        <jackson.version>2.13.4</jackson.version>
         <javassist.version>3.26.0-GA</javassist.version>
         <javax-annotation-api.version>1.2</javax-annotation-api.version>
         <javax-batch-api.version>1.0.1</javax-batch-api.version>
@@ -1789,7 +1789,9 @@
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
                 <artifactId>jackson-databind</artifactId>
-                <version>${jackson.version}</version>
+                <!-- This '.2' is due to the fact that they released some patches for 2.13.4 only for this artifact.
+                In future releases it is likely to be aligned with all others artifact versions -->
+                <version>${jackson.version}.2</version>
             </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.dataformat</groupId>
@@ -1806,6 +1808,21 @@
                 <artifactId>jackson-dataformat-yaml</artifactId>
                 <version>${jackson.version}</version>
             </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.datatype</groupId>
+                <artifactId>jackson-datatype-guava</artifactId>
+                <version>${jackson.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.datatype</groupId>
+                <artifactId>jackson-datatype-jdk8</artifactId>
+                <version>${jackson.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.datatype</groupId>
+                <artifactId>jackson-datatype-jsr310</artifactId>
+                <version>${jackson.version}</version>
+            </dependency>
             <dependency>
                 <groupId>com.fasterxml.jackson.jaxrs</groupId>
                 <artifactId>jackson-jaxrs-base</artifactId>
@@ -1821,6 +1838,13 @@
                 <artifactId>jackson-module-jaxb-annotations</artifactId>
                 <version>${jackson.version}</version>
             </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.module</groupId>
+                <artifactId>jackson-module-parameter-names</artifactId>
+                <version>${jackson.version}</version>
+            </dependency>
+
+            <!-- -->
 
             <dependency>
                 <groupId>org.bitbucket.b_c</groupId>