From 776b2d2e9aeb090863c892143f5a645298b63976 Mon Sep 17 00:00:00 2001 From: Jihoon Son Date: Thu, 7 Apr 2022 11:29:56 -0700 Subject: [PATCH 1/3] Bump Jackson to 2.13.2 (CVE-2020-36518) --- .../org/apache/druid/guice/GuiceAnnotationIntrospector.java | 4 ++-- licenses.yaml | 4 ++-- pom.xml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/core/src/main/java/org/apache/druid/guice/GuiceAnnotationIntrospector.java b/core/src/main/java/org/apache/druid/guice/GuiceAnnotationIntrospector.java index ce49253e0ffb..c720994c5416 100644 --- a/core/src/main/java/org/apache/druid/guice/GuiceAnnotationIntrospector.java +++ b/core/src/main/java/org/apache/druid/guice/GuiceAnnotationIntrospector.java @@ -58,9 +58,9 @@ public Object findInjectableValueId(AnnotatedMember m) if (m instanceof AnnotatedMethod) { throw new IAE("Annotated methods don't work very well yet..."); } - return Key.get(m.getGenericType()); + return Key.get(m.getRawType()); } - return Key.get(m.getGenericType(), guiceAnnotation); + return Key.get(m.getRawType(), guiceAnnotation); } /** diff --git a/licenses.yaml b/licenses.yaml index acbc5c411746..96cf8801d45a 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -237,7 +237,7 @@ name: Jackson license_category: binary module: java-core license_name: Apache License version 2.0 -version: 2.10.5 +version: 2.13.2 libraries: - com.fasterxml.jackson.core: jackson-annotations - com.fasterxml.jackson.core: jackson-core @@ -278,7 +278,7 @@ name: Jackson license_category: binary module: java-core license_name: Apache License version 2.0 -version: 2.10.5.1 +version: 2.13.2 libraries: - com.fasterxml.jackson.core: jackson-databind notice: | diff --git a/pom.xml b/pom.xml index 8989bf5dd313..36cab688e9c2 100644 --- a/pom.xml +++ b/pom.xml @@ -95,7 +95,7 @@ 1.3 9.4.40.v20210413 1.19.4 - 2.10.5.20201202 + 2.13.2 1.9.13 2.17.1 5.1.48 From 67d2467e960e45d95aebb693b8998f7a8458d624 Mon Sep 17 00:00:00 2001 
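Review bot: Switching both `Key.get(...)` calls in `findInjectableValueId` from `m.getGenericType()` to `m.getRawType()` drops the type arguments from the Guice key, so a member declared with a parameterized type (for example `List<String>`) would be looked up under its raw class and may no longer match a binding registered for the parameterized type. If the getter was swapped only because the Jackson version targeted by this patch no longer exposes it on `AnnotatedMember` (an inference; the hunk does not say), the key should still be built from a type that keeps its parameters. If the narrowing is intentional, state it at the call, e.g. `// raw type only: bindings for parameterized types are not resolved here`. A test that injects a generic-typed value through this introspector would pin whichever behaviour is chosen. The method begins above the hunk, so the rest of its body is not visible here.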
From: Jihoon Son Date: Thu, 7 Apr 2022 14:32:03 -0700 Subject: [PATCH 2/3] bump to 2.12.6.20220326 --- licenses.yaml | 4 ++-- pom.xml | 2 +- .../org/apache/druid/client/cache/CacheConfigTest.java | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/licenses.yaml b/licenses.yaml index 96cf8801d45a..1c6c5b435011 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -237,7 +237,7 @@ name: Jackson license_category: binary module: java-core license_name: Apache License version 2.0 -version: 2.13.2 +version: 2.12.6.20220326 libraries: - com.fasterxml.jackson.core: jackson-annotations - com.fasterxml.jackson.core: jackson-core @@ -278,7 +278,7 @@ name: Jackson license_category: binary module: java-core license_name: Apache License version 2.0 -version: 2.13.2 +version: 2.12.6.20220326 libraries: - com.fasterxml.jackson.core: jackson-databind notice: | diff --git a/pom.xml b/pom.xml index 36cab688e9c2..ca402081589a 100644 --- a/pom.xml +++ b/pom.xml @@ -95,7 +95,7 @@ 1.3 9.4.40.v20210413 1.19.4 - 2.13.2 + 2.12.6.20220326 1.9.13 2.17.1 5.1.48 diff --git a/server/src/test/java/org/apache/druid/client/cache/CacheConfigTest.java b/server/src/test/java/org/apache/druid/client/cache/CacheConfigTest.java index d0ed06d2d6ed..d3586aedb864 100644 --- a/server/src/test/java/org/apache/druid/client/cache/CacheConfigTest.java +++ b/server/src/test/java/org/apache/druid/client/cache/CacheConfigTest.java 
@@ -130,22 +130,22 @@ public void testValidationInsaneError() throw new IllegalStateException("Should have already failed"); } - @Test(expected = ProvisionException.class) + @Test public void testTRUE() { properties.put(PROPERTY_PREFIX + ".populateCache", "TRUE"); configProvider.inject(properties, configurator); CacheConfig config = configProvider.get().get(); - throw new IllegalStateException("Should have already failed"); + Assert.assertTrue(config.isPopulateCache()); } - @Test(expected = ProvisionException.class) + @Test public void testFALSE() { properties.put(PROPERTY_PREFIX + ".populateCache", "FALSE"); configProvider.inject(properties, configurator); CacheConfig config = configProvider.get().get(); - throw new IllegalStateException("Should have already failed"); + Assert.assertFalse(config.isPopulateCache()); } From f830fd39d0d22c9cb5f76dba34efe245d46a5644 Mon Sep 17 00:00:00 2001 From: Jihoon Son Date: Thu, 7 Apr 2022 17:10:42 -0700 Subject: [PATCH 3/3] fix license; fix kafkaEmitter test --- .../java/org/apache/druid/emitter/kafka/KafkaEmitterTest.java | 4 ++-- licenses.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/extensions-contrib/kafka-emitter/src/test/java/org/apache/druid/emitter/kafka/KafkaEmitterTest.java b/extensions-contrib/kafka-emitter/src/test/java/org/apache/druid/emitter/kafka/KafkaEmitterTest.java index 422d18a7f153..82164b4d7412 100644 --- a/extensions-contrib/kafka-emitter/src/test/java/org/apache/druid/emitter/kafka/KafkaEmitterTest.java +++ b/extensions-contrib/kafka-emitter/src/test/java/org/apache/druid/emitter/kafka/KafkaEmitterTest.java 
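Review bot: `testTRUE` and `testFALSE` flip from expecting `ProvisionException` to asserting the parsed value, with no comment on why upper-case `"TRUE"`/`"FALSE"` is now accepted for `populateCache`, so the loosened validation reads as accidental. Presumably it follows from the Jackson upgrade in this patch series changing string-to-boolean coercion; once confirmed, say so above each test, e.g. `// Accepted since the Jackson upgrade (previously threw ProvisionException): upper-case boolean strings are coerced`. It is also worth re-checking that `testValidationInsaneError` and any other rejection tests in this class still fail for malformed values, since they are what guards against silently accepting bad configuration. The test class continues outside the hunk.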
@@ -19,9 +19,9 @@ package org.apache.druid.emitter.kafka; -import com.fasterxml.jackson.databind.ObjectMapper; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; +import org.apache.druid.jackson.DefaultObjectMapper; import org.apache.druid.java.util.common.DateTimes; import org.apache.druid.java.util.emitter.core.Event; import org.apache.druid.java.util.emitter.service.AlertEvent; @@ -85,7 +85,7 @@ public void testKafkaEmitter() throws InterruptedException final KafkaProducer producer = mock(KafkaProducer.class); final KafkaEmitter kafkaEmitter = new KafkaEmitter( new KafkaEmitterConfig("", "metrics", "alerts", requestTopic, "test-cluster", null), - new ObjectMapper() + new DefaultObjectMapper() ) { @Override diff --git a/licenses.yaml b/licenses.yaml index 1c6c5b435011..a7ea287c77f1 100644 --- a/licenses.yaml +++ b/licenses.yaml @@ -237,7 +237,7 @@ name: Jackson license_category: binary module: java-core license_name: Apache License version 2.0 -version: 2.12.6.20220326 +version: 2.12.6 libraries: - com.fasterxml.jackson.core: jackson-annotations - com.fasterxml.jackson.core: jackson-core @@ -278,7 +278,7 @@ name: Jackson license_category: binary module: java-core license_name: Apache License version 2.0 -version: 2.12.6.20220326 +version: 2.12.6.1 libraries: - com.fasterxml.jackson.core: jackson-databind notice: |
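Review bot: Replacing `new ObjectMapper()` with `new DefaultObjectMapper()` in `testKafkaEmitter` makes the test pass but leaves no record of what the plain mapper can no longer do; the commit subject says only "fix kafkaEmitter test". If the failure was the bare mapper being unable to serialize a type carried by the emitted events after the Jackson upgrade (an inference, not shown in the hunk), add a comment at the constructor call once confirmed, e.g. `// a bare ObjectMapper cannot serialize these events after the Jackson upgrade; DefaultObjectMapper carries the required modules`. It would also be worth confirming that the production wiring of `KafkaEmitter` never receives a bare `ObjectMapper`, because the same failure would then surface at emit time rather than in a test. `testKafkaEmitter` continues past the end of the hunk.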