Upgrade Jackson Databind Version
This MR upgrades the Jackson Databind version to address CVE-2020-36518.
Dependency Information After the Upgrade
Branch: upgrade-jackson-databind
SHA: 47b891d4ae80b7abe03c191a9410c83ac9f0412a
Maven: 0.15.0-SNAPSHOT| Maven Dependencies | Root | testing/ |
|---|---|---|
| core-lib-azure | 0.15.2 | |
| core-lib-gcp | 0.15.0, 0.10.0 | 0.3.25 |
| os-core-lib-aws | 0.15.0 | 0.15.0 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.15.0 | 0.15.0, 0.3.18 |
| os-core-lib-ibm | 0.15.1 | 0.15.1 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.13.2.2, 2.9.9.3 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3, 2.11.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3, 2.11.2 |
Edited by David Diederich
Merge request reports
Activity
changed milestone to %M12 - Release 0.15
added no-detached-pipeline label
added 4 commits
-
7df9b37e...c5c7d562 - 2 commits from branch
master - 4d4a6381 - Directly specifying jackson databind version
- 47b891d4 - Merge remote-tracking branch 'origin/master' into upgrade-jackson-databind
-
7df9b37e...c5c7d562 - 2 commits from branch
mentioned in commit 3dcaf5fc
Please register or sign in to reply