Fix Jackson databind security issue (#4370)

* fix jackson databind security issue * update groovy sample * fix groovy dep version
2019-11-06 10:27:08 +08:00
parent 16ad66759b
commit c4f0b09459
47 changed files with 49 additions and 47 deletions
--- a/samples/client/petstore/java/jersey2-java6/build.sbt
+++ b/samples/client/petstore/java/jersey2-java6/build.sbt
@@ -15,7 +15,7 @@ lazy val root = (project in file(".")).
      "org.glassfish.jersey.media" % "jersey-media-json-jackson" % "2.6",
      "com.fasterxml.jackson.core" % "jackson-core" % "2.9.10" % "compile",
      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.9.10" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.10" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-databind" % "2.9.10.1" % "compile",
      "com.github.joschi.jackson" % "jackson-datatype-threetenbp" % "2.9.10" % "compile",
      "com.brsanthu" % "migbase64" % "2.2",
      "org.apache.commons" % "commons-lang3" % "3.6",
--- a/samples/client/petstore/java/jersey2-java6/pom.xml
+++ b/samples/client/petstore/java/jersey2-java6/pom.xml
@@ -291,7 +291,7 @@
        <commons_io_version>2.5</commons_io_version>
        <commons_lang3_version>3.6</commons_lang3_version>
        <jackson-version>2.9.10</jackson-version>
-        <jackson-databind-version>2.9.10</jackson-databind-version>
+        <jackson-databind-version>2.9.10.1</jackson-databind-version>
        <jackson-databind-nullable-version>0.2.0</jackson-databind-nullable-version>
        <threetenbp-version>2.9.10</threetenbp-version>
        <maven-plugin-version>1.0.0</maven-plugin-version>