From fd60e9e8380af1c7680999cbb5bff8160ba3571a Mon Sep 17 00:00:00 2001
From: Qiang Zhao
Date: Tue, 25 Apr 2023 17:22:41 +0800
Subject: [PATCH] [improve][build] Upgrade jackson version to 2.15.0 for CVE-2022-1471 (#20177)
---
 .../server/src/assemble/LICENSE.bin.txt | 22 +++++++--------
 .../shell/src/assemble/LICENSE.bin.txt | 22 +++++++--------
 pom.xml | 2 +-
 .../pulsar/common/util/FieldParser.java | 7 ++---
 pulsar-sql/presto-distribution/LICENSE | 28 +++++++++----------
 5 files changed, 39 insertions(+), 42 deletions(-)
diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt
index 26651246ddf48..312c79dee1ab6 100644
--- a/distribution/server/src/assemble/LICENSE.bin.txt
+++ b/distribution/server/src/assemble/LICENSE.bin.txt
@@ -246,17 +246,17 @@ The Apache Software License, Version 2.0
 * JCommander -- com.beust-jcommander-1.82.jar
 * High Performance Primitive Collections for Java -- com.carrotsearch-hppc-0.9.1.jar
 * Jackson
- - com.fasterxml.jackson.core-jackson-annotations-2.14.2.jar
- - com.fasterxml.jackson.core-jackson-core-2.14.2.jar
- - com.fasterxml.jackson.core-jackson-databind-2.14.2.jar
- - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.14.2.jar
- - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.14.2.jar
- - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.14.2.jar
- - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.14.2.jar
- - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.14.2.jar
- - com.fasterxml.jackson.datatype-jackson-datatype-jdk8-2.14.2.jar
- - com.fasterxml.jackson.datatype-jackson-datatype-jsr310-2.14.2.jar
- - com.fasterxml.jackson.module-jackson-module-parameter-names-2.14.2.jar
+ - com.fasterxml.jackson.core-jackson-annotations-2.15.0.jar
+ - com.fasterxml.jackson.core-jackson-core-2.15.0.jar
+ - com.fasterxml.jackson.core-jackson-databind-2.15.0.jar
+ - com.fasterxml.jackson.dataformat-jackson-dataformat-yaml-2.15.0.jar
+ - com.fasterxml.jackson.jaxrs-jackson-jaxrs-base-2.15.0.jar
+ - com.fasterxml.jackson.jaxrs-jackson-jaxrs-json-provider-2.15.0.jar
+ - com.fasterxml.jackson.module-jackson-module-jaxb-annotations-2.15.0.jar
+ - com.fasterxml.jackson.module-jackson-module-jsonSchema-2.15.0.jar
+ - com.fasterxml.jackson.datatype-jackson-datatype-jdk8-2.15.0.jar
+ - com.fasterxml.jackson.datatype-jackson-datatype-jsr310-2.15.0.jar
+ - com.fasterxml.jackson.module-jackson-module-parameter-names-2.15.0.jar
 * Caffeine -- com.github.ben-manes.caffeine-caffeine-2.9.1.jar
 * Conscrypt -- org.conscrypt-conscrypt-openjdk-uber-2.5.2.jar
 * Proto Google Common Protos -- com.google.api.grpc-proto-google-common-protos-2.0.1.jar
diff --git a/distribution/shell/src/assemble/LICENSE.bin.txt b/distribution/shell/src/assemble/LICENSE.bin.txt
index 711890809f1bf..11ef4f3d4e745 100644
--- a/distribution/shell/src/assemble/LICENSE.bin.txt
+++ b/distribution/shell/src/assemble/LICENSE.bin.txt
@@ -311,17 +311,17 @@ This projects includes binary packages with the following licenses:
 The Apache Software License, Version 2.0
 * JCommander -- jcommander-1.82.jar
 * Jackson
- - jackson-annotations-2.14.2.jar
- - jackson-core-2.14.2.jar
- - jackson-databind-2.14.2.jar
- - jackson-dataformat-yaml-2.14.2.jar
- - jackson-jaxrs-base-2.14.2.jar
- - jackson-jaxrs-json-provider-2.14.2.jar
- - jackson-module-jaxb-annotations-2.14.2.jar
- - jackson-module-jsonSchema-2.14.2.jar
- - jackson-datatype-jdk8-2.14.2.jar
- - jackson-datatype-jsr310-2.14.2.jar
- - jackson-module-parameter-names-2.14.2.jar
+ - jackson-annotations-2.15.0.jar
+ - jackson-core-2.15.0.jar
+ - jackson-databind-2.15.0.jar
+ - jackson-dataformat-yaml-2.15.0.jar
+ - jackson-jaxrs-base-2.15.0.jar
+ - jackson-jaxrs-json-provider-2.15.0.jar
+ - jackson-module-jaxb-annotations-2.15.0.jar
+ - jackson-module-jsonSchema-2.15.0.jar
+ - jackson-datatype-jdk8-2.15.0.jar
+ - jackson-datatype-jsr310-2.15.0.jar
+ - jackson-module-parameter-names-2.15.0.jar
 * Conscrypt -- conscrypt-openjdk-uber-2.5.2.jar
 * Gson
 - gson-2.8.9.jar
diff --git a/pom.xml b/pom.xml
index aef380c5cd09c..28155b20cb4f5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -154,7 +154,7 @@ flexible messaging model and an intuitive client API.
 1.69
 1.0.6
 1.0.2.3
- 2.14.2
+ 2.15.0
 0.10.2
 1.6.2
 8.37
diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/FieldParser.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/FieldParser.java
index 626a14b92eedd..c1c17419abbcb 100644
--- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/FieldParser.java
+++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/FieldParser.java
@@ -21,8 +21,6 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static java.lang.String.format;
 import static java.util.Objects.requireNonNull;
-import com.fasterxml.jackson.databind.AnnotationIntrospector;
-import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector;
 import com.fasterxml.jackson.databind.util.EnumResolver;
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
@@ -58,8 +56,6 @@ public final class FieldParser {
 private static final Map CONVERTERS = new HashMap<>();
 private static final Map, Class> WRAPPER_TYPES = new HashMap<>();
- private static final AnnotationIntrospector ANNOTATION_INTROSPECTOR = new JacksonAnnotationIntrospector();
-
 static {
 // Preload converters and wrapperTypes.
 initConverters();
@@ -100,7 +96,8 @@ public static T convert(Object from, Class to) {
 if (to.isEnum()) {
 // Converting string to enum
- EnumResolver r = EnumResolver.constructUsingToString((Class>) to, ANNOTATION_INTROSPECTOR);
+ EnumResolver r = EnumResolver.constructUsingToString(
+ ObjectMapperFactory.getMapper().getObjectMapper().getDeserializationConfig(), to);
 T value = (T) r.findEnum((String) from);
 if (value == null) {
 throw new RuntimeException("Invalid value '" + from + "' for enum " + to);
diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE
index 09d1396b70419..407cd9a0eb9e4 100644
--- a/pulsar-sql/presto-distribution/LICENSE
+++ b/pulsar-sql/presto-distribution/LICENSE
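Review bot: The new `EnumResolver.constructUsingToString(...)` call in `FieldParser.convert` keeps the parser tied to Jackson's `databind.util.EnumResolver`, a helper whose signature apparently changed with this bump, so the next security upgrade of Jackson may again need a source change here. The lookup only needs the enum's `toString()` values and could drop the dependency, e.g. `for (Object c : to.getEnumConstants()) { if (c.toString().equals(from)) { return (T) c; } }`, assuming no enum parsed here relies on Jackson annotations (not visible in the hunk). If the resolver stays, it is now built on every call from `ObjectMapperFactory.getMapper().getObjectMapper().getDeserializationConfig()`, so enum parsing follows whatever that presumably shared mapper is configured with; a comment such as `// uses the shared mapper's config; enum matching follows its settings` would make that intentional. `convert` begins and ends outside the hunk.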
@@ -207,19 +207,19 @@ This projects includes binary packages with the following licenses:
 The Apache Software License, Version 2.0
 * Jackson
- - jackson-annotations-2.14.2.jar
- - jackson-core-2.14.2.jar
- - jackson-databind-2.14.2.jar
- - jackson-dataformat-smile-2.14.2.jar
- - jackson-datatype-guava-2.14.2.jar
- - jackson-datatype-jdk8-2.14.2.jar
- - jackson-datatype-joda-2.14.2.jar
- - jackson-datatype-jsr310-2.14.2.jar
- - jackson-dataformat-yaml-2.14.2.jar
- - jackson-jaxrs-base-2.14.2.jar
- - jackson-jaxrs-json-provider-2.14.2.jar
- - jackson-module-jaxb-annotations-2.14.2.jar
- - jackson-module-jsonSchema-2.14.2.jar
+ - jackson-annotations-2.15.0.jar
+ - jackson-core-2.15.0.jar
+ - jackson-databind-2.15.0.jar
+ - jackson-dataformat-smile-2.15.0.jar
+ - jackson-datatype-guava-2.15.0.jar
+ - jackson-datatype-jdk8-2.15.0.jar
+ - jackson-datatype-joda-2.15.0.jar
+ - jackson-datatype-jsr310-2.15.0.jar
+ - jackson-dataformat-yaml-2.15.0.jar
+ - jackson-jaxrs-base-2.15.0.jar
+ - jackson-jaxrs-json-provider-2.15.0.jar
+ - jackson-module-jaxb-annotations-2.15.0.jar
+ - jackson-module-jsonSchema-2.15.0.jar
 * Guava
 - guava-31.0.1-jre.jar
 - listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
@@ -456,7 +456,7 @@ The Apache Software License, Version 2.0
 * Snappy
 - snappy-java-1.1.8.4.jar
 * Jackson
- - jackson-module-parameter-names-2.14.2.jar
+ - jackson-module-parameter-names-2.15.0.jar
 * Java Assist
 - javassist-3.25.0-GA.jar
 * Java Native Access