Skip to content

Bump Jackson version#12360

Closed
maytasm wants to merge 1 commit intoapache:masterfrom
maytasm:fix_sec_val_jackson_databind
Closed

Bump Jackson version#12360
maytasm wants to merge 1 commit intoapache:masterfrom
maytasm:fix_sec_val_jackson_databind

Conversation

@maytasm
Copy link
Copy Markdown
Contributor

@maytasm maytasm commented Mar 21, 2022

Bump Jackson version

Description

Bump Jackson version to fix CVE-2020-36518

This PR has:

  • been self-reviewed.
  • added documentation for new or modified features or behaviors.
  • added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
  • added or updated version, license, or notice information in licenses.yaml
  • added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
  • added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
  • added integration tests.
  • been tested in a test Druid cluster.

@FrankChen021
Copy link
Copy Markdown
Member

FrankChen021 commented Mar 22, 2022

License check failed:

Error: found 1 missing licenses. These licenses are reported, but missing in the registry
druid_module: core, groupId: jakarta.xml.bind, artifactId: jakarta.xml.bind-api, version: 2.3.3, license: Eclipse Distribution License 1.0

@maytasm maytasm closed this Mar 22, 2022
@suneet-s
Copy link
Copy Markdown
Contributor

suneet-s commented Apr 11, 2022

#12411 is another attempt of this fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@maytasm @FrankChen021 @suneet-s