From bcd3b3a848c9ea3e13cb7dc4b3bbd9c0ef6b327e Mon Sep 17 00:00:00 2001
From: Kieren Davies <kieren@kdavi.es>
Date: Tue, 8 Sep 2020 10:40:07 +0200
Subject: [PATCH 1/2] Upgrade SnakeYAML to v2.1 (#17446)

(cherry picked from commit a46f841f75ca0c28fe1be5199cb606ec80309bf4)
---
 .../config/AbstractYamlConfigRootTagRecognizer.java        | 4 ++--
 .../main/java/com/hazelcast/internal/yaml/YamlLoader.java  | 7 +++----
 pom.xml                                                    | 2 +-
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/hazelcast/src/main/java/com/hazelcast/internal/config/AbstractYamlConfigRootTagRecognizer.java b/hazelcast/src/main/java/com/hazelcast/internal/config/AbstractYamlConfigRootTagRecognizer.java
index 59dd2f6fbed6..073da51325ab 100644
--- a/hazelcast/src/main/java/com/hazelcast/internal/config/AbstractYamlConfigRootTagRecognizer.java
+++ b/hazelcast/src/main/java/com/hazelcast/internal/config/AbstractYamlConfigRootTagRecognizer.java
@@ -22,8 +22,8 @@
 import com.hazelcast.internal.yaml.YamlLoader;
 import com.hazelcast.logging.ILogger;
 import com.hazelcast.logging.Logger;
-import org.snakeyaml.engine.v1.api.ConstructNode;
-import org.snakeyaml.engine.v1.api.LoadSettingsBuilder;
+import org.snakeyaml.engine.v2.api.ConstructNode;
+import org.snakeyaml.engine.v2.api.LoadSettingsBuilder;
 
 import java.util.Optional;
 
diff --git a/hazelcast/src/main/java/com/hazelcast/internal/yaml/YamlLoader.java b/hazelcast/src/main/java/com/hazelcast/internal/yaml/YamlLoader.java
index 069ebd5ad646..0813d98fcb57 100644
--- a/hazelcast/src/main/java/com/hazelcast/internal/yaml/YamlLoader.java
+++ b/hazelcast/src/main/java/com/hazelcast/internal/yaml/YamlLoader.java
@@ -16,9 +16,8 @@
 
 package com.hazelcast.internal.yaml;
 
-import org.snakeyaml.engine.v1.api.Load;
-import org.snakeyaml.engine.v1.api.LoadSettings;
-import org.snakeyaml.engine.v1.api.LoadSettingsBuilder;
+import org.snakeyaml.engine.v2.api.Load;
+import org.snakeyaml.engine.v2.api.LoadSettings;
 
 import java.io.InputStream;
 import java.io.Reader;
@@ -144,7 +143,7 @@ public static YamlNode load(String yaml) {
     }
 
     private static Load getLoad() {
-        LoadSettings settings = new LoadSettingsBuilder().build();
+        LoadSettings settings = LoadSettings.builder().build();
         return new Load(settings);
     }
 
diff --git a/pom.xml b/pom.xml
index 04fed3ccf58b..9aa55e52ee24 100755
--- a/pom.xml
+++ b/pom.xml
@@ -112,7 +112,7 @@
         <jsr107.api.version>1.1.1</jsr107.api.version>
         <jsr107.tck.version>1.1.1</jsr107.tck.version>
 
-        <snakeyaml.engine.version>1.0</snakeyaml.engine.version>
+        <snakeyaml.engine.version>2.1</snakeyaml.engine.version>
 
         <h2.version>1.3.160</h2.version>
         <atomikos.version>3.9.3</atomikos.version>

From a5039d6ecc7a1d3eb019569d233268c4e4ed72f5 Mon Sep 17 00:00:00 2001
From: keith-f <k.s.flanagan@gmail.com>
Date: Tue, 8 Sep 2020 10:20:08 +0100
Subject: [PATCH 2/2] Updated to Jackson version to address a
 Twistlock-reported issue: CVE-2020-24616 (#17484)

(cherry picked from commit cad3caf25fb0539ba31d080931471ae726b49fed)
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9aa55e52ee24..7aa5a40c52d9 100755
--- a/pom.xml
+++ b/pom.xml
@@ -86,7 +86,7 @@
         <log4j2.version>2.13.0</log4j2.version>
         <slf4j.api.version>1.7.25</slf4j.api.version>
 
-        <jackson.version>2.9.7</jackson.version>
+        <jackson.version>2.11.2</jackson.version>
         <junit.version>4.12</junit.version>
         <hamcrest.version>1.3</hamcrest.version>
         <mockito.version>2.19.0</mockito.version>