From bfb76e062213009306433eedb1da9d138e9c0172 Mon Sep 17 00:00:00 2001
From: Andrew Purtell <apurtell@apache.org>
Date: Tue, 11 Oct 2022 00:40:33 +0000
Subject: [PATCH] HBASE-27424 Upgrade Jettison for CVE-2022-40149/40150

Jettison versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150.

Move jettison.version to 1.5.1.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 68862c924082..1bc1d584c2ec 100644
--- a/pom.xml
+++ b/pom.xml
@@ -814,7 +814,7 @@
     <slf4j.version>1.7.30</slf4j.version>
     <clover.version>4.0.3</clover.version>
     <jamon-runtime.version>2.4.1</jamon-runtime.version>
-    <jettison.version>1.3.8</jettison.version>
+    <jettison.version>1.5.1</jettison.version>
     <!--Make sure these joni/jcodings are compatible with the versions used by jruby-->
     <joni.version>2.1.42</joni.version>
     <jcodings.version>1.0.56</jcodings.version>