Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to the Latest Jackson 2.13.x Releases #33578

Merged
merged 1 commit into from Feb 21, 2023
Merged

Update to the Latest Jackson 2.13.x Releases #33578

merged 1 commit into from Feb 21, 2023

Conversation

alzimmermsft
Copy link
Member

Description

Fixes #33546

Updates to the latest 2.13.x releases of Jackson, which allows for the removal of a direct dependency on woodstox-core 6.4.0 as jackson-dataformat-xml 2.13.5 uses woodstox-core 6.4.0 instead of 6.3.1 which was affected by CVE-2022-40152.

All SDK Contribution checklist:

  • The pull request does not introduce [breaking changes]
  • CHANGELOG is updated for new features, bug fixes or other significant changes.
  • I have read the contribution guidelines.

General Guidelines and Best Practices

  • Title of the pull request is clear and informative.
  • There are a small number of commits, each of which have an informative message. This means that previously merged commits do not appear in the history of the PR. For more information on cleaning up the commits in your PR, see this page.

Testing Guidelines

  • Pull request includes test coverage for the included changes.

@alzimmermsft alzimmermsft added Client This issue points to a problem in the data-plane of the library. dependencies Pull requests that update a dependency file labels Feb 17, 2023
@alzimmermsft alzimmermsft self-assigned this Feb 17, 2023
@ghost ghost added Batch Azure.Core azure-core Cosmos azure-spring All azure-spring related issues Digital Twins KeyVault Schema Registry Service Bus Storage Storage Service (Queues, Blobs, Files) labels Feb 17, 2023
@azure-sdk
Copy link
Collaborator

API change check

API changes are not detected in this pull request.

@alzimmermsft alzimmermsft marked this pull request as ready for review February 17, 2023 16:11
@alzimmermsft alzimmermsft merged commit 5ff4098 into Azure:main Feb 21, 2023
@alzimmermsft alzimmermsft deleted the AzVersion_UpdateToLatestJackson213 branch February 21, 2023 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srnagar srnagar srnagar approved these changes

@vcolin7 vcolin7 Awaiting requested review from vcolin7 vcolin7 is a code owner

@JonathanGiles JonathanGiles Awaiting requested review from JonathanGiles JonathanGiles is a code owner

@samvaity samvaity Awaiting requested review from samvaity samvaity is a code owner

@g2vinay g2vinay Awaiting requested review from g2vinay g2vinay is a code owner

@backwind1233 backwind1233 Awaiting requested review from backwind1233

@chenrujun chenrujun Awaiting requested review from chenrujun chenrujun is a code owner

@hui1110 hui1110 Awaiting requested review from hui1110

@Netyyyy Netyyyy Awaiting requested review from Netyyyy Netyyyy is a code owner

@saragluna saragluna Awaiting requested review from saragluna saragluna is a code owner

@stliu stliu Awaiting requested review from stliu

@yiliuTo yiliuTo Awaiting requested review from yiliuTo

@moarychan moarychan Awaiting requested review from moarychan moarychan is a code owner

@fangjian0423 fangjian0423 Awaiting requested review from fangjian0423

@conniey conniey Awaiting requested review from conniey conniey is a code owner

@jairmyree jairmyree Awaiting requested review from jairmyree jairmyree is a code owner

@ibrahimrabab ibrahimrabab Awaiting requested review from ibrahimrabab ibrahimrabab is a code owner

@jaschrep-msft jaschrep-msft Awaiting requested review from jaschrep-msft

@anuchandy anuchandy Awaiting requested review from anuchandy anuchandy is a code owner

@ki1729 ki1729 Awaiting requested review from ki1729

@liukun-msft liukun-msft Awaiting requested review from liukun-msft

@ZejiaJiang ZejiaJiang Awaiting requested review from ZejiaJiang

@sjkwak sjkwak Awaiting requested review from sjkwak

@drwill-ms drwill-ms Awaiting requested review from drwill-ms drwill-ms is a code owner

@timtay-microsoft timtay-microsoft Awaiting requested review from timtay-microsoft timtay-microsoft is a code owner

@abhipsaMisra abhipsaMisra Awaiting requested review from abhipsaMisra abhipsaMisra is a code owner

@digimaun digimaun Awaiting requested review from digimaun digimaun is a code owner

@andyk-ms andyk-ms Awaiting requested review from andyk-ms andyk-ms is a code owner

@brycewang-microsoft brycewang-microsoft Awaiting requested review from brycewang-microsoft brycewang-microsoft is a code owner

@johngallardo johngallardo Awaiting requested review from johngallardo johngallardo is a code owner

@abhinav-ghai abhinav-ghai Awaiting requested review from abhinav-ghai abhinav-ghai is a code owner

@Aashish93-stack Aashish93-stack Awaiting requested review from Aashish93-stack Aashish93-stack is a code owner

@sjiherzig sjiherzig Awaiting requested review from sjiherzig sjiherzig is a code owner

@kushagraThapar kushagraThapar Awaiting requested review from kushagraThapar kushagraThapar is a code owner

@FabianMeiswinkel FabianMeiswinkel Awaiting requested review from FabianMeiswinkel FabianMeiswinkel is a code owner

@xinlian12 xinlian12 Awaiting requested review from xinlian12 xinlian12 is a code owner

@aayush3011 aayush3011 Awaiting requested review from aayush3011 aayush3011 is a code owner

@simorenoh simorenoh Awaiting requested review from simorenoh simorenoh is a code owner

@jeet1995 jeet1995 Awaiting requested review from jeet1995 jeet1995 is a code owner

@Pilchie Pilchie Awaiting requested review from Pilchie Pilchie is a code owner

@kirankumarkolli kirankumarkolli Awaiting requested review from kirankumarkolli kirankumarkolli is a code owner

@milismsft milismsft Awaiting requested review from milismsft milismsft is a code owner

@lmolkova lmolkova Awaiting requested review from lmolkova lmolkova is a code owner

@mssfang mssfang Awaiting requested review from mssfang mssfang is a code owner

@billwert billwert Awaiting requested review from billwert billwert is a code owner

@gingi gingi Awaiting requested review from gingi

@paterasMSFT paterasMSFT Awaiting requested review from paterasMSFT

@dpwatrous dpwatrous Awaiting requested review from dpwatrous dpwatrous is a code owner

@joshfree joshfree Awaiting requested review from joshfree joshfree is a code owner

Assignees

@alzimmermsft alzimmermsft

Labels
Azure.Core azure-core azure-spring All azure-spring related issues Batch Client This issue points to a problem in the data-plane of the library. Cosmos dependencies Pull requests that update a dependency file Digital Twins KeyVault Schema Registry Service Bus Storage Storage Service (Queues, Blobs, Files)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CVE-2022-40152 - High vulnerability issue with jackson-dataformat-xml
3 participants
@alzimmermsft @azure-sdk @srnagar