From a6200f96c3993e02dd67ebf2d1e3d75c8505efdc Mon Sep 17 00:00:00 2001 From: Tyler Benson Date: Wed, 9 Oct 2019 12:04:45 +0200 Subject: [PATCH] Upgrade Jackson to 2.10.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is primarily motivated by new CVE’s. Upgrade jmxfetch to 0.32.1 which has the same change. --- dd-java-agent/agent-jmxfetch/agent-jmxfetch.gradle | 2 +- gradle/dependencies.gradle | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dd-java-agent/agent-jmxfetch/agent-jmxfetch.gradle b/dd-java-agent/agent-jmxfetch/agent-jmxfetch.gradle index db4dab87c3..37a8c2d659 100644 --- a/dd-java-agent/agent-jmxfetch/agent-jmxfetch.gradle +++ b/dd-java-agent/agent-jmxfetch/agent-jmxfetch.gradle @@ -4,7 +4,7 @@ plugins { apply from: "${rootDir}/gradle/java.gradle" dependencies { - compile('com.datadoghq:jmxfetch:0.32.0') { + compile('com.datadoghq:jmxfetch:0.32.1') { exclude group: 'org.slf4j', module: 'slf4j-log4j12' exclude group: 'log4j', module: 'log4j' } diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle index 219ffe7475..4aecc55866 100644 --- a/gradle/dependencies.gradle +++ b/gradle/dependencies.gradle @@ -9,7 +9,7 @@ ext { guava : "20.0", // Last version to support Java 7 // When upgrading for security fixes, ensure corresponding change is reflected in jmxfetch. - jackson : "2.9.9.3", // https://nvd.nist.gov/vuln/detail/CVE-2019-14379 + jackson : "2.10.0", // https://nvd.nist.gov/vuln/detail/CVE-2019-16942 et al spock : "1.3-groovy-$spockGroovyVer", groovy : groovyVer,