Skip to content

Commit c8f9b37

Browse files
sliedigsliedig
committed
fix(deps): patch CVEs in jackson-core and log4j-core
- jackson-core/databind/annotations: 2.18.4 -> 2.18.6 Fixes CVE: Number Length Constraint Bypass in Async Parser (High) - log4j-core/api/layout/slf4j: 2.25.1 -> 2.25.3 Fixes CVE: TLS hostname not verified in Socket Appender (Medium)
1 parent feef3c2 commit c8f9b37

5 files changed

Lines changed: 25 additions & 25 deletions

File tree

unicorn_approvals/ApprovalsService/pom.xml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -92,39 +92,39 @@
9292
<dependency>
9393
<groupId>com.fasterxml.jackson.core</groupId>
9494
<artifactId>jackson-databind</artifactId>
95-
<version>2.18.4</version>
95+
<version>2.18.6</version>
9696
</dependency>
9797
<dependency>
9898
<groupId>com.fasterxml.jackson.core</groupId>
9999
<artifactId>jackson-core</artifactId>
100-
<version>2.18.4</version>
100+
<version>2.18.6</version>
101101
</dependency>
102102
<dependency>
103103
<groupId>com.fasterxml.jackson.core</groupId>
104104
<artifactId>jackson-annotations</artifactId>
105-
<version>2.18.4</version>
105+
<version>2.18.6</version>
106106
</dependency>
107107

108108
<!-- Log4j -->
109109
<dependency>
110110
<groupId>org.apache.logging.log4j</groupId>
111111
<artifactId>log4j-api</artifactId>
112-
<version>2.25.1</version>
112+
<version>2.25.3</version>
113113
</dependency>
114114
<dependency>
115115
<groupId>org.apache.logging.log4j</groupId>
116116
<artifactId>log4j-core</artifactId>
117-
<version>2.25.1</version>
117+
<version>2.25.3</version>
118118
</dependency>
119119
<dependency>
120120
<groupId>org.apache.logging.log4j</groupId>
121121
<artifactId>log4j-layout-template-json</artifactId>
122-
<version>2.25.1</version>
122+
<version>2.25.3</version>
123123
</dependency>
124124
<dependency>
125125
<groupId>org.apache.logging.log4j</groupId>
126126
<artifactId>log4j-slf4j-impl</artifactId>
127-
<version>2.25.1</version>
127+
<version>2.25.3</version>
128128
</dependency>
129129

130130

unicorn_contracts/ContractsService/pom.xml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -55,39 +55,39 @@
5555
<dependency>
5656
<groupId>com.fasterxml.jackson.core</groupId>
5757
<artifactId>jackson-databind</artifactId>
58-
<version>2.18.4</version>
58+
<version>2.18.6</version>
5959
</dependency>
6060
<dependency>
6161
<groupId>com.fasterxml.jackson.core</groupId>
6262
<artifactId>jackson-core</artifactId>
63-
<version>2.18.4</version>
63+
<version>2.18.6</version>
6464
</dependency>
6565
<dependency>
6666
<groupId>com.fasterxml.jackson.core</groupId>
6767
<artifactId>jackson-annotations</artifactId>
68-
<version>2.18.4</version>
68+
<version>2.18.6</version>
6969
</dependency>
7070

7171
<!-- Log4j -->
7272
<dependency>
7373
<groupId>org.apache.logging.log4j</groupId>
7474
<artifactId>log4j-api</artifactId>
75-
<version>2.25.1</version>
75+
<version>2.25.3</version>
7676
</dependency>
7777
<dependency>
7878
<groupId>org.apache.logging.log4j</groupId>
7979
<artifactId>log4j-core</artifactId>
80-
<version>2.25.1</version>
80+
<version>2.25.3</version>
8181
</dependency>
8282
<dependency>
8383
<groupId>org.apache.logging.log4j</groupId>
8484
<artifactId>log4j-layout-template-json</artifactId>
85-
<version>2.25.1</version>
85+
<version>2.25.3</version>
8686
</dependency>
8787
<dependency>
8888
<groupId>org.apache.logging.log4j</groupId>
8989
<artifactId>log4j-slf4j-impl</artifactId>
90-
<version>2.25.1</version>
90+
<version>2.25.3</version>
9191
</dependency>
9292

9393

unicorn_web/Common/pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@
2828
<dependency>
2929
<groupId>com.fasterxml.jackson.core</groupId>
3030
<artifactId>jackson-annotations</artifactId>
31-
<version>2.18.4</version>
31+
<version>2.18.6</version>
3232
<scope>compile</scope>
3333
</dependency>
3434
</dependencies>

unicorn_web/PublicationManagerService/pom.xml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -136,29 +136,29 @@
136136
<dependency>
137137
<groupId>com.fasterxml.jackson.core</groupId>
138138
<artifactId>jackson-databind</artifactId>
139-
<version>2.18.4</version>
139+
<version>2.18.6</version>
140140
</dependency>
141141
<dependency>
142142
<groupId>com.fasterxml.jackson.core</groupId>
143143
<artifactId>jackson-core</artifactId>
144-
<version>2.18.4</version>
144+
<version>2.18.6</version>
145145
</dependency>
146146
<dependency>
147147
<groupId>com.fasterxml.jackson.core</groupId>
148148
<artifactId>jackson-annotations</artifactId>
149-
<version>2.18.4</version>
149+
<version>2.18.6</version>
150150
</dependency>
151151

152152
<!-- Log4j -->
153153
<dependency>
154154
<groupId>org.apache.logging.log4j</groupId>
155155
<artifactId>log4j-api</artifactId>
156-
<version>2.25.1</version>
156+
<version>2.25.3</version>
157157
</dependency>
158158
<dependency>
159159
<groupId>org.apache.logging.log4j</groupId>
160160
<artifactId>log4j-core</artifactId>
161-
<version>2.25.1</version>
161+
<version>2.25.3</version>
162162
</dependency>
163163
<dependency>
164164
<groupId>common</groupId>

unicorn_web/SearchService/pom.xml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -137,29 +137,29 @@
137137
<dependency>
138138
<groupId>com.fasterxml.jackson.core</groupId>
139139
<artifactId>jackson-databind</artifactId>
140-
<version>2.18.4</version>
140+
<version>2.18.6</version>
141141
</dependency>
142142
<dependency>
143143
<groupId>com.fasterxml.jackson.core</groupId>
144144
<artifactId>jackson-core</artifactId>
145-
<version>2.18.4</version>
145+
<version>2.18.6</version>
146146
</dependency>
147147
<dependency>
148148
<groupId>com.fasterxml.jackson.core</groupId>
149149
<artifactId>jackson-annotations</artifactId>
150-
<version>2.18.4</version>
150+
<version>2.18.6</version>
151151
</dependency>
152152

153153
<!-- Log4j -->
154154
<dependency>
155155
<groupId>org.apache.logging.log4j</groupId>
156156
<artifactId>log4j-api</artifactId>
157-
<version>2.25.1</version>
157+
<version>2.25.3</version>
158158
</dependency>
159159
<dependency>
160160
<groupId>org.apache.logging.log4j</groupId>
161161
<artifactId>log4j-core</artifactId>
162-
<version>2.25.1</version>
162+
<version>2.25.3</version>
163163
</dependency>
164164
<dependency>
165165
<groupId>common</groupId>

0 commit comments

Comments
 (0)