From 000e41672b830fc7539a596ddd165e5008c3fee6 Mon Sep 17 00:00:00 2001
From: Lari Hotari <lhotari@apache.org>
Date: Mon, 10 Jan 2022 13:54:51 +0200
Subject: [PATCH 1/2] [Security] Upgrade Jackson to 2.12.6

---
 pom.xml                                | 4 ++--
 pulsar-sql/presto-distribution/pom.xml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6a599931ec84f..c7bb69efc4e45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -122,8 +122,8 @@ flexible messaging model and an intuitive client API.</description>
     <log4j2.version>2.17.1</log4j2.version>
     <bouncycastle.version>1.69</bouncycastle.version>
     <bouncycastlefips.version>1.0.2</bouncycastlefips.version>
-    <jackson.version>2.12.3</jackson.version>
-    <jackson.databind.version>2.12.3</jackson.databind.version>
+    <jackson.version>2.12.6</jackson.version>
+    <jackson.databind.version>2.12.6</jackson.databind.version>
     <reflections.version>0.9.11</reflections.version>
     <swagger.version>1.6.2</swagger.version>
     <puppycrawl.checkstyle.version>8.37</puppycrawl.checkstyle.version>
diff --git a/pulsar-sql/presto-distribution/pom.xml b/pulsar-sql/presto-distribution/pom.xml
index 4a80657b15579..e8f698e9e8f7e 100644
--- a/pulsar-sql/presto-distribution/pom.xml
+++ b/pulsar-sql/presto-distribution/pom.xml
@@ -39,10 +39,10 @@
     <objenesis.version>2.6</objenesis.version>
     <objectsize.version>0.0.12</objectsize.version>
     <guice.version>4.2.0</guice.version>
-    <jackson.version>2.12.3</jackson.version>
+    <jackson.version>2.12.6</jackson.version>
     <!--fix Security Vulnerabilities-->
     <!--https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-42991/Fasterxml-Jackson-databind.html-->
-    <jackson.databind.version>2.12.3</jackson.databind.version>
+    <jackson.databind.version>2.12.6</jackson.databind.version>
     <maven.version>3.0.5</maven.version>
     <guava.version>30.1-jre</guava.version>
     <asynchttpclient.version>2.12.1</asynchttpclient.version>

From 77141b5adbf90f5e8e1bbf17e9fc0e9e81f8bfdf Mon Sep 17 00:00:00 2001
From: Lari Hotari <lhotari@apache.org>
Date: Mon, 10 Jan 2022 15:21:59 +0200
Subject: [PATCH 2/2] update LICENSE files

---
 .../server/src/assemble/LICENSE.bin.txt       | 16 +++++------
 pulsar-sql/presto-distribution/LICENSE        | 28 +++++++++----------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 1620c9f61754f..b2c1da45aeadd 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -312,14 +312,14 @@ The Apache Software License, Version 2.0
  * JCommander -- com.beust-jcommander-1.78.jar
  * High Performance Primitive Collections for Java -- com.carrotsearch-hppc-0.7.3.jar
  * Jackson
-     - com.fasterxml.jackson.core-jackson-annotations-2.12.3.jar
-     - com.fasterxml.jackson.core-jackson-core-2.12.3.jar
-     - com.fasterxml.jackson.core-jackson-databind-2.12.3.jar
-     - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.12.3.jar
-     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.12.3.jar
-     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.12.3.jar
-     - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.12.3.jar
-     - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.12.3.jar
+     - com.fasterxml.jackson.core-jackson-annotations-2.12.6.jar
+     - com.fasterxml.jackson.core-jackson-core-2.12.6.jar
+     - com.fasterxml.jackson.core-jackson-databind-2.12.6.jar
+     - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.12.6.jar
+     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.12.6.jar
+     - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.12.6.jar
+     - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.12.6.jar
+     - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.12.6.jar
  * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar
  * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
  * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-1.17.0.jar
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index a988218649c3a..69c387bb5c53b 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
@@ -207,19 +207,19 @@ This projects includes binary packages with the following licenses:
 The Apache Software License, Version 2.0
 
   * Jackson
-    - jackson-annotations-2.12.3.jar
-    - jackson-core-2.12.3.jar
-    - jackson-databind-2.12.3.jar
-    - jackson-dataformat-smile-2.12.3.jar
-    - jackson-datatype-guava-2.12.3.jar
-    - jackson-datatype-jdk8-2.12.3.jar
-    - jackson-datatype-joda-2.12.3.jar
-    - jackson-datatype-jsr310-2.12.3.jar
-    - jackson-dataformat-yaml-2.12.3.jar
-    - jackson-jaxrs-base-2.12.3.jar
-    - jackson-jaxrs-json-provider-2.12.3.jar
-    - jackson-module-jaxb-annotations-2.12.3.jar
-    - jackson-module-jsonSchema-2.12.3.jar
+    - jackson-annotations-2.12.6.jar
+    - jackson-core-2.12.6.jar
+    - jackson-databind-2.12.6.jar
+    - jackson-dataformat-smile-2.12.6.jar
+    - jackson-datatype-guava-2.12.6.jar
+    - jackson-datatype-jdk8-2.12.6.jar
+    - jackson-datatype-joda-2.12.6.jar
+    - jackson-datatype-jsr310-2.12.6.jar
+    - jackson-dataformat-yaml-2.12.6.jar
+    - jackson-jaxrs-base-2.12.6.jar
+    - jackson-jaxrs-json-provider-2.12.6.jar
+    - jackson-module-jaxb-annotations-2.12.6.jar
+    - jackson-module-jsonSchema-2.12.6.jar
  * Guava
     - guava-30.1-jre.jar
     - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
@@ -440,7 +440,7 @@ The Apache Software License, Version 2.0
   * Snappy
     - snappy-java-1.1.7.jar
   * Jackson
-    - jackson-module-parameter-names-2.12.3.jar
+    - jackson-module-parameter-names-2.12.6.jar
   * Java Assist
     - javassist-3.25.0-GA.jar
   * Java Native Access