Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) #240

reta · 2022-10-13T19:04:42Z

Description

Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) (see please FasterXML/jackson-databind#3621)

Issues Resolved

N/A

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>

…search-project#240) Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: Andriy Redko <andriy.redko@aiven.io>

…search-project#240) Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com>

…#234) * Add support to parse sub-aggregations from filter/nested aggregations Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Add USER_GUIDE.md Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Add DCO Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Add link to USER_GUIDE.md in README.md Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Add changelog and changelog verifier (#239) Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Set javadoc encoding to utf-8 (#50) (#241) Signed-off-by: Meetesh Kumawat<kmeetesh@gmail.com> Signed-off-by: meetesh <kmeetesh@gmail.com> Signed-off-by: Meetesh Kumawat<kmeetesh@gmail.com> Signed-off-by: meetesh <kmeetesh@gmail.com> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) (#240) Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Updates changelog for dependabot PRs (#247) * Updates changelog for dependabot PRs Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> * Adding dependabot label for workflow Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Update tests to use JUnit's Assert (#244) Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Update literature around changelog (#242) * Update literature Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> * Removing pr template and updating language Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Bump grgit-gradle from 4.0.1 to 5.0.0 (#243) * Bump grgit-gradle from 4.0.1 to 5.0.0 Bumps [grgit-gradle](https://github.com/ajoberstar/grgit) from 4.0.1 to 5.0.0. - [Release notes](https://github.com/ajoberstar/grgit/releases) - [Commits](ajoberstar/grgit@4.0.1...5.0.0) --- updated-dependencies: - dependency-name: org.ajoberstar.grgit:grgit-gradle dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Update changelog Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Add DCO Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Update CHANGELOG and README Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Add DCO Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Add DCO Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> * Fix CHANGLOG and README TOC Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> Signed-off-by: Abhinav Nath <abhinavnath@ymail.com> Signed-off-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Signed-off-by: Meetesh Kumawat<kmeetesh@gmail.com> Signed-off-by: meetesh <kmeetesh@gmail.com> Signed-off-by: Andriy Redko <andriy.redko@aiven.io> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Harsha Vamsi Kalluri <harshavamsi096@gmail.com> Co-authored-by: Meetesh Kumawat <kmeetesh@gmail.com> Co-authored-by: Andriy Redko <andriy.redko@aiven.io> Co-authored-by: Daniel (dB.) Doubrovkine <dblock@amazon.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>

reta requested review from a team and madhusudhankonda as code owners October 13, 2022 19:04

Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003)

a0e2444

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>

reta force-pushed the update.jackson.2 branch from 0677aae to a0e2444 Compare October 13, 2022 19:05

dblock approved these changes Oct 14, 2022

View reviewed changes

VachaShah approved these changes Oct 14, 2022

View reviewed changes

VachaShah merged commit c56f8ae into opensearch-project:main Oct 14, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) #240

Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) #240

reta commented Oct 13, 2022

Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) #240

Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) #240

Conversation

reta commented Oct 13, 2022

Description

Issues Resolved