HBASE-27424 Upgrade Jettison for CVE-2022-40149/40150 (#4822)

Jettison versions <= 1.5.0 are subject to CVE-2022-40149 and CVE-2022-40150.

Move jettison.version to 1.5.1.

Signed-off-by: Duo Zhang <zhangduo@apache.org>
This commit is contained in:
Andrew Purtell 2022-10-11 10:11:12 -07:00 committed by GitHub
parent 79f853ee7c
commit f47a52b5f9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

View File

@ -814,7 +814,7 @@
<slf4j.version>1.7.30</slf4j.version> <slf4j.version>1.7.30</slf4j.version>
<clover.version>4.0.3</clover.version> <clover.version>4.0.3</clover.version>
<jamon-runtime.version>2.4.1</jamon-runtime.version> <jamon-runtime.version>2.4.1</jamon-runtime.version>
<jettison.version>1.3.8</jettison.version> <jettison.version>1.5.1</jettison.version>
<!--Make sure these joni/jcodings are compatible with the versions used by jruby--> <!--Make sure these joni/jcodings are compatible with the versions used by jruby-->
<joni.version>2.1.42</joni.version> <joni.version>2.1.42</joni.version>
<jcodings.version>1.0.56</jcodings.version> <jcodings.version>1.0.56</jcodings.version>