ref CVE-2020-25649 - jackson 2.11.4

modules/swagger-codegen-maven-plugin/examples/java-client.xml

@@ -43,7 +43,7 @@
     </build>
     <dependencies>
          <!-- dependencies are needed for the client being generated -->
-         
+
         <dependency>
           <groupId>io.swagger</groupId>
           <artifactId>swagger-annotations</artifactId>
@@ -52,7 +52,7 @@
 
         <!-- You can find the dependencies for the library configuation you chose by looking in JavaClientCodegen.
              Then find the corresponding dependency on Maven Central, and set the versions in the property section below -->
-                
+
         <!-- HTTP client: jersey-client -->
         <dependency>
           <groupId>org.glassfish.jersey.core</groupId>
@@ -96,7 +96,7 @@
           <artifactId>jackson-jaxrs-json-provider</artifactId>
           <version>${jackson-version}</version>
         </dependency>
-        
+
         <!-- Joda time: if you use it -->
         <dependency>
           <groupId>com.fasterxml.jackson.datatype</groupId>
@@ -107,20 +107,20 @@
           <groupId>joda-time</groupId>
           <artifactId>joda-time</artifactId>
           <version>${jodatime-version}</version>
-        </dependency>          
+        </dependency>
 
         <!-- Base64 encoding that works in both JVM and Android -->
         <dependency>
             <groupId>com.brsanthu</groupId>
             <artifactId>migbase64</artifactId>
             <version>2.2</version>
-        </dependency>       
+        </dependency>
     </dependencies>
-    
+
     <properties>
         <swagger-annotations-version>1.5.21</swagger-annotations-version>
         <jersey-version>2.29.1</jersey-version>
-        <jackson-version>2.10.1</jackson-version>
+        <jackson-version>2.11.4</jackson-version>
         <jodatime-version>2.7</jodatime-version>
         <maven-plugin-version>1.0.0</maven-plugin-version>
         <junit-version>4.13.1</junit-version>

modules/swagger-codegen/src/main/java/io/swagger/codegen/languages/JavaClientCodegen.java

@@ -74,16 +74,16 @@ public JavaClientCodegen() {
         cliOptions.add(CliOption.newBoolean(USE_GZIP_FEATURE, "Send gzip-encoded requests"));
         cliOptions.add(CliOption.newBoolean(USE_RUNTIME_EXCEPTION, "Use RuntimeException instead of Exception"));
 
-        supportedLibraries.put("jersey1", "HTTP client: Jersey client 1.19.4. JSON processing: Jackson 2.10.1. Enable Java6 support using '-DsupportJava6=true'. Enable gzip request encoding using '-DuseGzipFeature=true'.");
-        supportedLibraries.put("feign", "HTTP client: OpenFeign 9.4.0. JSON processing: Jackson 2.10.1");
-        supportedLibraries.put("jersey2", "HTTP client: Jersey client 2.29.1. JSON processing: Jackson 2.10.1");
+        supportedLibraries.put("jersey1", "HTTP client: Jersey client 1.19.4. JSON processing: Jackson 2.11.4. Enable Java6 support using '-DsupportJava6=true'. Enable gzip request encoding using '-DuseGzipFeature=true'.");
+        supportedLibraries.put("feign", "HTTP client: OpenFeign 9.4.0. JSON processing: Jackson 2.11.4");
+        supportedLibraries.put("jersey2", "HTTP client: Jersey client 2.29.1. JSON processing: Jackson 2.11.4");
         supportedLibraries.put("okhttp-gson", "HTTP client: OkHttp 2.7.5. JSON processing: Gson 2.8.1. Enable Parcelable models on Android using '-DparcelableModel=true'. Enable gzip request encoding using '-DuseGzipFeature=true'.");
         supportedLibraries.put(RETROFIT_1, "HTTP client: OkHttp 2.7.5. JSON processing: Gson 2.3.1 (Retrofit 1.9.0). IMPORTANT NOTE: retrofit1.x is no longer actively maintained so please upgrade to 'retrofit2' instead.");
         supportedLibraries.put(RETROFIT_2, "HTTP client: OkHttp 3.8.0. JSON processing: Gson 2.6.1 (Retrofit 2.3.0). Enable the RxJava adapter using '-DuseRxJava[2]=true'. (RxJava 1.x or 2.x)");
-        supportedLibraries.put("resttemplate", "HTTP client: Spring RestTemplate 4.3.9-RELEASE. JSON processing: Jackson 2.10.1");
-        supportedLibraries.put("resteasy", "HTTP client: Resteasy client 3.1.3.Final. JSON processing: Jackson 2.10.1");
-        supportedLibraries.put("vertx", "HTTP client: VertX client 3.2.4. JSON processing: Jackson 2.10.1");
-        supportedLibraries.put("google-api-client", "HTTP client: Google API client 1.23.0. JSON processing: Jackson 2.10.1");
+        supportedLibraries.put("resttemplate", "HTTP client: Spring RestTemplate 4.3.9-RELEASE. JSON processing: Jackson 2.11.4");
+        supportedLibraries.put("resteasy", "HTTP client: Resteasy client 3.1.3.Final. JSON processing: Jackson 2.11.4");
+        supportedLibraries.put("vertx", "HTTP client: VertX client 3.2.4. JSON processing: Jackson 2.11.4");
+        supportedLibraries.put("google-api-client", "HTTP client: Google API client 1.23.0. JSON processing: Jackson 2.11.4");
         supportedLibraries.put("rest-assured", "HTTP client: rest-assured : 3.1.0. JSON processing: Gson 2.6.1. Only for Java8");
 
         CliOption libraryOption = new CliOption(CodegenConstants.LIBRARY, "library template (sub-template) to use");

modules/swagger-codegen/src/main/resources/Groovy/build.gradle.mustache

@@ -24,7 +24,7 @@ repositories {
 
 ext {
     swagger_annotations_version = "1.5.8"
-    jackson_version = "2.10.1"
+    jackson_version = "2.11.4"
 }
 
 dependencies {

modules/swagger-codegen/src/main/resources/Java/build.gradle.mustache

@@ -102,7 +102,7 @@ if(hasProperty('target') && target == 'android') {
        main = System.getProperty('mainClass')
        classpath = sourceSets.main.runtimeClasspath
     }
-    
+
     task sourcesJar(type: Jar, dependsOn: classes) {
         classifier = 'sources'
         from sourceSets.main.allSource
@@ -121,7 +121,7 @@ if(hasProperty('target') && target == 'android') {
 
 ext {
     swagger_annotations_version = "1.5.24"
-    jackson_version = "{{^threetenbp}}2.10.1{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}"
+    jackson_version = "{{^threetenbp}}2.11.4{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}"
     jersey_version = "1.19.4"
     jodatime_version = "2.10.5"
     junit_version = "4.12"

modules/swagger-codegen/src/main/resources/Java/libraries/feign/build.gradle.mustache

@@ -101,7 +101,7 @@ if(hasProperty('target') && target == 'android') {
 
 ext {
     swagger_annotations_version = "1.5.9"
-    jackson_version = "2.10.1"
+    jackson_version = "2.11.4"
     {{#threetenbp}}
     threepane_version = "2.6.4"
     {{/threetenbp}}

modules/swagger-codegen/src/main/resources/Java/libraries/feign/build.sbt.mustache

@@ -14,10 +14,10 @@ lazy val root = (project in file(".")).
       "io.github.openfeign" % "feign-jackson" % "9.4.0" % "compile",
       "io.github.openfeign" % "feign-slf4j" % "9.4.0" % "compile",
       "io.github.openfeign.form" % "feign-form" % "2.1.0" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-core" % "2.10.1" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.10.1" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-databind" % "2.10.1" % "compile",
-      "com.fasterxml.jackson.datatype" % "jackson-datatype-{{^java8}}joda{{/java8}}{{#java8}}jsr310{{/java8}}" % "2.10.1" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-core" % "2.11.4" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.11.4" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-databind" % "2.11.4" % "compile",
+      "com.fasterxml.jackson.datatype" % "jackson-datatype-{{^java8}}joda{{/java8}}{{#java8}}jsr310{{/java8}}" % "2.11.4" % "compile",
       "org.apache.oltu.oauth2" % "org.apache.oltu.oauth2.client" % "1.0.1" % "compile",
       "com.brsanthu" % "migbase64" % "2.2" % "compile",
       "junit" % "junit" % "4.12" % "test",

modules/swagger-codegen/src/main/resources/Java/libraries/feign/pom.mustache

@@ -297,7 +297,7 @@
         <swagger-core-version>1.5.24</swagger-core-version>
         <feign-version>9.4.0</feign-version>
         <feign-form-version>2.1.0</feign-form-version>
-        <jackson-version>2.10.1</jackson-version>
+        <jackson-version>2.11.4</jackson-version>
         {{#threetenbp}}
             <jackson-threetenbp-version>2.6.4</jackson-threetenbp-version>
         {{/threetenbp}}

modules/swagger-codegen/src/main/resources/Java/libraries/google-api-client/build.gradle.mustache

@@ -23,7 +23,7 @@ if(hasProperty('target') && target == 'android') {
 
     apply plugin: 'com.android.library'
     apply plugin: 'com.github.dcendents.android-maven'
-    
+
     android {
         compileSdkVersion 23
         buildToolsVersion '23.0.2'
@@ -41,7 +41,7 @@ if(hasProperty('target') && target == 'android') {
             targetCompatibility JavaVersion.VERSION_1_7
             {{/java8}}
         }
-    
+
         // Rename the aar correctly
         libraryVariants.all { variant ->
             variant.outputs.each { output ->
@@ -57,7 +57,7 @@ if(hasProperty('target') && target == 'android') {
             provided 'javax.annotation:jsr250-api:1.0'
         }
     }
-    
+
     afterEvaluate {
         android.libraryVariants.all { variant ->
             def task = project.tasks.create "jar${variant.name.capitalize()}", Jar
@@ -69,12 +69,12 @@ if(hasProperty('target') && target == 'android') {
             artifacts.add('archives', task);
         }
     }
-    
+
     task sourcesJar(type: Jar) {
         from android.sourceSets.main.java.srcDirs
         classifier = 'sources'
     }
-    
+
     artifacts {
         archives sourcesJar
     }
@@ -98,7 +98,7 @@ if(hasProperty('target') && target == 'android') {
             pom.artifactId = '{{artifactId}}'
         }
     }
-    
+
     task execute(type:JavaExec) {
        main = System.getProperty('mainClass')
        classpath = sourceSets.main.runtimeClasspath
@@ -107,7 +107,7 @@ if(hasProperty('target') && target == 'android') {
 
 ext {
     swagger_annotations_version = "1.5.24"
-    jackson_version = "2.10.1"
+    jackson_version = "2.11.4"
     google_api_client_version = "1.23.0"
     jersey_common_version = "2.29.1"
     jodatime_version = "2.10.5"

modules/swagger-codegen/src/main/resources/Java/libraries/google-api-client/build.sbt.mustache

@@ -12,17 +12,17 @@ lazy val root = (project in file(".")).
       "io.swagger" % "swagger-annotations" % "1.5.17",
       "com.google.api-client" % "google-api-client" % "1.23.0",
       "org.glassfish.jersey.core" % "jersey-common" % "2.29.1",
-      "com.fasterxml.jackson.core" % "jackson-core" % "2.10.1" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.10.1" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-databind" % "2.10.1" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-core" % "2.11.4" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.11.4" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-databind" % "2.11.4" % "compile",
       {{#withXml}}
-      "com.fasterxml.jackson.dataformat" % "jackson-dataformat-xml" % "2.10.1" % "compile",
+      "com.fasterxml.jackson.dataformat" % "jackson-dataformat-xml" % "2.11.4" % "compile",
       {{/withXml}}
       {{#joda}}
-      "com.fasterxml.jackson.datatype" % "jackson-datatype-joda" % "2.10.1" % "compile",
+      "com.fasterxml.jackson.datatype" % "jackson-datatype-joda" % "2.11.4" % "compile",
       {{/joda}}
       {{#java8}}
-      "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.10.1" % "compile",
+      "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.11.4" % "compile",
       {{/java8}}
       {{#threetenbp}}
       "com.github.joschi.jackson" % "jackson-datatype-threetenbp" % "2.6.4" % "compile",

modules/swagger-codegen/src/main/resources/Java/libraries/google-api-client/pom.mustache

@@ -286,7 +286,7 @@
         <swagger-annotations-version>1.5.17</swagger-annotations-version>
         <google-api-client-version>1.23.0</google-api-client-version>
         <jersey-common-version>2.29.1</jersey-common-version>
-        <jackson-version>2.10.1</jackson-version>
+        <jackson-version>2.11.4</jackson-version>
         {{#joda}}
             <jodatime-version>2.10.5</jodatime-version>
         {{/joda}}

modules/swagger-codegen/src/main/resources/Java/libraries/jersey2/build.gradle.mustache

@@ -106,7 +106,7 @@ if(hasProperty('target') && target == 'android') {
 
 ext {
     swagger_annotations_version = "1.5.24"
-    jackson_version = "2.10.1"
+    jackson_version = "2.11.4"
     {{#supportJava6}}
     jersey_version = "2.6"
     commons_io_version=2.5

modules/swagger-codegen/src/main/resources/Java/libraries/jersey2/build.sbt.mustache

@@ -14,14 +14,14 @@ lazy val root = (project in file(".")).
       "org.glassfish.jersey.media" % "jersey-media-multipart" % {{#supportJava6}}"2.6"{{/supportJava6}}{{^supportJava6}}"2.29.1"{{/supportJava6}},
       {{^supportJava6}}"org.glassfish.jersey.inject" % "jersey-hk2" % "2.29.1",{{/supportJava6}}
       "org.glassfish.jersey.media" % "jersey-media-json-jackson" % {{#supportJava6}}"2.6"{{/supportJava6}}{{^supportJava6}}"2.29.1"{{/supportJava6}},
-      "com.fasterxml.jackson.core" % "jackson-core" % "{{^threetenbp}}2.10.1{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-annotations" % "{{^threetenbp}}2.10.1{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-databind" % "{{^threetenbp}}2.10.1{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-core" % "{{^threetenbp}}2.11.4{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-annotations" % "{{^threetenbp}}2.11.4{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-databind" % "{{^threetenbp}}2.11.4{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}" % "compile",
       {{#joda}}
-      "com.fasterxml.jackson.datatype" % "jackson-datatype-joda" % "2.10.1" % "compile",
+      "com.fasterxml.jackson.datatype" % "jackson-datatype-joda" % "2.11.4" % "compile",
       {{/joda}}
       {{#java8}}
-      "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.10.1" % "compile",
+      "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.11.4" % "compile",
       {{/java8}}
       {{#threetenbp}}
       "com.github.joschi.jackson" % "jackson-datatype-threetenbp" % "2.6.4" % "compile",

modules/swagger-codegen/src/main/resources/Java/libraries/jersey2/pom.mustache

@@ -327,7 +327,7 @@
             <commons_io_version>2.5</commons_io_version>
             <commons_lang3_version>3.6</commons_lang3_version>
         {{/supportJava6}}
-        <jackson-version>{{^threetenbp}}2.10.1{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}</jackson-version>
+        <jackson-version>{{^threetenbp}}2.11.4{{/threetenbp}}{{#threetenbp}}2.6.4{{/threetenbp}}</jackson-version>
         <maven-plugin-version>1.0.0</maven-plugin-version>
         <junit-version>4.13.1</junit-version>
     </properties>

modules/swagger-codegen/src/main/resources/Java/libraries/okhttp-gson/pom.mustache

@@ -240,7 +240,7 @@
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
                 <artifactId>jackson-annotations</artifactId>
-                <version>2.10.1</version>
+                <version>2.11.4</version>
             </dependency>
         {{/notNullJacksonAnnotation}}
         {{#performBeanValidation}}

modules/swagger-codegen/src/main/resources/Java/libraries/resteasy/build.gradle.mustache

@@ -106,7 +106,7 @@ if(hasProperty('target') && target == 'android') {
 
 ext {
     swagger_annotations_version = "1.5.8"
-    jackson_version = "2.10.1"
+    jackson_version = "2.11.4"
     threetenbp_version = "2.6.4"
     jersey_version = "2.22.2"
     resteasy_version = "3.1.3.Final"

modules/swagger-codegen/src/main/resources/Java/libraries/resteasy/build.sbt.mustache

@@ -13,14 +13,14 @@ lazy val root = (project in file(".")).
       "org.glassfish.jersey.core" % "jersey-client" % "2.22.2",
       "org.glassfish.jersey.media" % "jersey-media-multipart" % "2.22.2",
       "org.glassfish.jersey.media" % "jersey-media-json-jackson" % "2.22.2",
-      "com.fasterxml.jackson.core" % "jackson-core" % "2.10.1",
-      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.10.1",
-      "com.fasterxml.jackson.core" % "jackson-databind" % "2.10.1",
+      "com.fasterxml.jackson.core" % "jackson-core" % "2.11.4",
+      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.11.4",
+      "com.fasterxml.jackson.core" % "jackson-databind" % "2.11.4",
       {{#java8}}
-	  "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.10.1",
+	  "com.fasterxml.jackson.datatype" % "jackson-datatype-jsr310" % "2.11.4",
 	  {{/java8}}
 	  {{^java8}}
-      "com.fasterxml.jackson.datatype" % "jackson-datatype-joda" % "2.10.1",
+      "com.fasterxml.jackson.datatype" % "jackson-datatype-joda" % "2.11.4",
       "joda-time" % "joda-time" % "2.9.4",
       "com.brsanthu" % "migbase64" % "2.2",
       {{/java8}}

modules/swagger-codegen/src/main/resources/Java/libraries/resteasy/pom.mustache

@@ -249,7 +249,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <swagger-core-version>1.5.24</swagger-core-version>
         <resteasy-version>3.1.3.Final</resteasy-version>
-        <jackson-version>2.10.1</jackson-version>
+        <jackson-version>2.11.4</jackson-version>
         <threetenbp-version>2.6.4</threetenbp-version>
         {{^java8}}
         <jodatime-version>2.10.5</jodatime-version>

modules/swagger-codegen/src/main/resources/Java/libraries/resttemplate/build.gradle.mustache

@@ -23,7 +23,7 @@ if(hasProperty('target') && target == 'android') {
 
     apply plugin: 'com.android.library'
     apply plugin: 'com.github.dcendents.android-maven'
-    
+
     android {
         compileSdkVersion 23
         buildToolsVersion '23.0.2'
@@ -41,7 +41,7 @@ if(hasProperty('target') && target == 'android') {
             targetCompatibility JavaVersion.VERSION_1_7
             {{/java8}}
         }
-    
+
         // Rename the aar correctly
         libraryVariants.all { variant ->
             variant.outputs.each { output ->
@@ -57,7 +57,7 @@ if(hasProperty('target') && target == 'android') {
             provided 'javax.annotation:jsr250-api:1.0'
         }
     }
-    
+
     afterEvaluate {
         android.libraryVariants.all { variant ->
             def task = project.tasks.create "jar${variant.name.capitalize()}", Jar
@@ -69,12 +69,12 @@ if(hasProperty('target') && target == 'android') {
             artifacts.add('archives', task);
         }
     }
-    
+
     task sourcesJar(type: Jar) {
         from android.sourceSets.main.java.srcDirs
         classifier = 'sources'
     }
-    
+
     artifacts {
         archives sourcesJar
     }
@@ -98,7 +98,7 @@ if(hasProperty('target') && target == 'android') {
             pom.artifactId = '{{artifactId}}'
         }
     }
-    
+
     task execute(type:JavaExec) {
        main = System.getProperty('mainClass')
        classpath = sourceSets.main.runtimeClasspath
@@ -107,7 +107,7 @@ if(hasProperty('target') && target == 'android') {
 
 ext {
     swagger_annotations_version = "1.5.24"
-    jackson_version = "2.10.1"
+    jackson_version = "2.11.4"
     spring_web_version = "4.3.9.RELEASE"
     jodatime_version = "2.10.5"
     junit_version = "4.12"

modules/swagger-codegen/src/main/resources/Java/libraries/resttemplate/pom.mustache

@@ -288,7 +288,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <swagger-annotations-version>1.5.17</swagger-annotations-version>
         <spring-web-version>4.3.9.RELEASE</spring-web-version>
-        <jackson-version>2.10.1</jackson-version>
+        <jackson-version>2.11.4</jackson-version>
         {{#joda}}
         <jodatime-version>2.10.5</jodatime-version>
         {{/joda}}

modules/swagger-codegen/src/main/resources/Java/libraries/retrofit2/build.gradle.mustache

@@ -104,11 +104,11 @@ ext {
     retrofit_version = "2.7.1"
     {{#usePlayWS}}
     {{#play24}}
-    jackson_version = "2.10.1"
+    jackson_version = "2.11.4"
     play_version = "2.4.11"
     {{/play24}}
     {{#play25}}
-    jackson_version = "2.10.1"
+    jackson_version = "2.11.4"
     play_version = "2.5.14"
     {{/play25}}
     {{/usePlayWS}}