honeymoose
/
jjwt
mirror of https://github.com/jwtk/jjwt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #463 from jwtk/461-jackson-upgrade 

Issue 461: upgraded Jackson version to 2.9.9.1. Fixes #461.
This commit is contained in:
Les Hazlewood 2019-07-11 16:45:23 -04:00 committed by GitHub
parent 86b6096946 4ae8f6d9c9
commit 41f81570e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -5,6 +5,12 @@
This patch release fixes a [memory leak](https://github.com/jwtk/jjwt/issues/392) found in the DEFLATE compression
codec implementation.
It also updates the Jackson dependency version to [2.9.9.1](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches)
to address three security vulnerabilities in Jackson:
[CVE-2019-12086](https://nvd.nist.gov/vuln/detail/CVE-2019-12086),
[CVE-2019-12384](https://nvd.nist.gov/vuln/detail/CVE-2019-12384), and
[CVE-2019-12814](https://nvd.nist.gov/vuln/detail/CVE-2019-12814).
### 0.10.6
This patch release updates the jackson-databind version to 2.9.8 to address a critical security vulnerability in that

2
pom.xml
View File

@ -88,7 +88,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<buildNumber>${user.name}-${maven.build.timestamp}</buildNumber>
<jackson.version>2.9.8</jackson.version>
<jackson.version>2.9.9.1</jackson.version>
<orgjson.version>20180130</orgjson.version>
<!-- Optional Runtime Dependencies: -->