security: upgrade jackson to avoid security vulnerabilities #1756
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## develop #1756 +/- ##
=============================================
- Coverage 50.07% 50.06% -0.01%
Complexity 2130 2130
=============================================
Files 412 412
Lines 14218 14218
Branches 1715 1715
=============================================
- Hits 7119 7118 -1
Misses 6411 6411
- Partials 688 689 +1
Continue to review full report at Codecov.
|
slievrly
changed the title
dangquocbang
pushed a commit
to dangquocbang/seata
that referenced
this pull request
Oct 14, 2019
* 'develop' of https://github.com/seata/seata: test: enhance test coverage of seata common (apache#1755) security: upgrade jackson to avoid security vulnerabilities (apache#1756) bugfix:rm channel register null resource (apache#1401) bugfix:fix memory lock is not released due to hash conflict (apache#1751) optimize:use raw types instead of boxing types (apache#1747) change get charset (apache#1707) fix undo support oracle table meta cache (apache#1749) bugfix: fix use 'in' and 'between' in where condition for Oracle and Mysql (apache#1699) optimize:add some server's jvm parameters (apache#1738) Saga implementation base on state machine (apache#1608) optimize:inner class may be static (apache#1706) feature: retry when tm commit or rollback failed (apache#1739) optimize: abstract common undolog manager method (apache#1712) bugfix: when tm commit or rollback failed,xid need to be clean (apache#1735) optimize: eliminate the possibility of allocating too much direct memory (apache#1657) Based on Java 5 optimization (apache#1705) bugfix: oracle batch insert error (apache#1729) # Conflicts: # pom.xml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ⅰ. Describe what this PR did
This PR upgraded jackson version to 2.9.9 to avoid CVE-2019-12086.
Jackson ReleaseNote: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9.
Jackson Patch: databind/issue/2326.
Do we need to upgrade to latest version?
Ⅱ. Does this pull request fix one issue?
Ⅲ. Why don't you add test cases (unit test/integration test)?
Ⅳ. Describe how to verify it
Ⅴ. Special notes for reviews