beam-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BEAM-2522) upgrading jackson
Date Tue, 27 Jun 2017 16:15:00 GMT

    [ https://issues.apache.org/jira/browse/BEAM-2522?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16065045#comment-16065045
] 

ASF GitHub Bot commented on BEAM-2522:
--------------------------------------

GitHub user antonymayi opened a pull request:

    https://github.com/apache/beam/pull/3451

    [BEAM-2522] upgrading jackson to 2.8.9 (mitigating #1599)

    Be sure to do all of the following to help us incorporate your contribution
    quickly and easily:
    
     - [ ] Make sure the PR title is formatted like:
       `[BEAM-<Jira issue #>] Description of pull request`
     - [ ] Make sure tests pass via `mvn clean verify`.
     - [ ] Replace `<Jira issue #>` in the title with the actual Jira issue
           number, if there is one.
     - [ ] If this contribution is large, please file an Apache
           [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
    
    ---


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/antonymayi/beam master

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/beam/pull/3451.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3451
    
----
commit ca4f2798497c76a8b7a8c9818e2164c183288211
Author: Stepan Kadlec <stepan.kadlec@oracle.com>
Date:   2017-06-27T16:12:47Z

    [BEAM-2522] upgrading jackson to 2.8.9 (mitigating #1599)

----


> upgrading jackson
> -----------------
>
>                 Key: BEAM-2522
>                 URL: https://issues.apache.org/jira/browse/BEAM-2522
>             Project: Beam
>          Issue Type: Task
>          Components: sdk-java-core
>    Affects Versions: 2.0.0, 2.1.0
>            Reporter: Antony Mayi
>            Assignee: Antony Mayi
>            Priority: Minor
>              Labels: security
>
> please consider upgrading jackson to mitigate its [deserlization vulnerability in 2.8.8|https://github.com/FasterXML/jackson-databind/issues/1599]



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message