Upgrade Jackson version to 2.11.4 (#13)

* Upgrade Jackson version to 2.11.4 Upgrade Jackson version to 2.11.4 to match OpenSearch core. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28491 * Force resolution of new Jackson versions * Add jackson-core to force-resolved dependencies
opensearch-project · May 19, 2021 · 67d4ab7 · 67d4ab7
1 parent cb34f28
commit 67d4ab7
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/build.gradle b/build.gradle
@@ -222,6 +222,8 @@ dependencies {
         compile files("${System.properties['java.home']}/../lib/tools.jar")
     }
 
+    def jacksonVersion = "2.11.4"
+
     configurations {
         // jarHell reports class name conflicts between securemock and mockito-core
         // has to disable one of them.
@@ -232,12 +234,11 @@ dependencies {
 
     configurations.all {
        resolutionStrategy {
-          force 'com.fasterxml.jackson.core:jackson-databind:2.10.5.1'
-          force 'com.fasterxml.jackson.core:jackson-core:2.10.5'
-          force 'com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.10.5'
-          force 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.10.5'
-          force 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.10.5'
           force 'junit:junit:4.13.1'
+          force "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
+          force "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
+          force "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"
+          force "com.fasterxml.jackson.module:jackson-module-paranamer:${jacksonVersion}"
        }
     }
 
@@ -249,9 +250,9 @@ dependencies {
     compile 'org.bouncycastle:bcprov-jdk15on:1.68'
     compile 'org.bouncycastle:bcpkix-jdk15on:1.68'
     compile 'com.amazon.opensearch:performanceanalyzer-rca:1.0.0.0-beta1'
-    compile 'com.fasterxml.jackson.core:jackson-annotations:2.10.5'
-    compile 'com.fasterxml.jackson.core:jackson-databind:2.10.5.1'
-    compile 'com.fasterxml.jackson.module:jackson-module-paranamer:2.10.5'
+    compile "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
+    compile "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"
+    compile "com.fasterxml.jackson.module:jackson-module-paranamer:${jacksonVersion}"
     compile(group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.11.1') {
         force = 'true'
     }