diff --git a/build/tmpl/text/changes.txt b/build/tmpl/text/changes.txt index 9b926301e1..0f8bbcd626 100644 --- a/build/tmpl/text/changes.txt +++ b/build/tmpl/text/changes.txt @@ -5,6 +5,9 @@ Changes log @version-full@ (@release-date@) + - Vulnerabilities fixed + - Upgraded jackson dependency to 2.8.8 - CVE-2016-7051. Issue #1264. + Reported by Philippe Perrault. - Bugs fixed - Invalid max-age value for cookie settings replaced by Integer.MAX_VALUE constant. Issue #1251. Reported by Chad Gatesman. diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.annotations.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.annotations.jar deleted file mode 100644 index 4779188a9f..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.annotations.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.core.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.core.jar deleted file mode 100644 index da2a877f18..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.core.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.csv.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.csv.jar deleted file mode 100644 index f561dc10ff..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.csv.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.databind.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.databind.jar deleted file mode 100644 index e945e5e800..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.databind.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.jaxb.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.jaxb.jar deleted file mode 100644 index 96955b099f..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.jaxb.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.jsonschema.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.jsonschema.jar deleted file mode 100644 index 25a3a306da..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.jsonschema.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.smile.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.smile.jar deleted file mode 100644 index 2a6b285190..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.smile.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.xml.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.xml.jar deleted file mode 100644 index 8f0fa34d09..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.xml.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.yaml.jar b/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.yaml.jar deleted file mode 100644 index 7770cb9184..0000000000 Binary files a/libraries/com.fasterxml.jackson_2.4/com.fasterxml.jackson.yaml.jar and /dev/null differ diff --git a/libraries/com.fasterxml.jackson_2.4/.classpath b/libraries/com.fasterxml.jackson_2.8/.classpath similarity index 100% rename from libraries/com.fasterxml.jackson_2.4/.classpath rename to libraries/com.fasterxml.jackson_2.8/.classpath diff --git a/libraries/com.fasterxml.jackson_2.4/.gitignore b/libraries/com.fasterxml.jackson_2.8/.gitignore similarity index 100% rename from libraries/com.fasterxml.jackson_2.4/.gitignore rename to libraries/com.fasterxml.jackson_2.8/.gitignore diff --git a/libraries/com.fasterxml.jackson_2.4/.project b/libraries/com.fasterxml.jackson_2.8/.project similarity index 100% rename from libraries/com.fasterxml.jackson_2.4/.project rename to libraries/com.fasterxml.jackson_2.8/.project diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.annotations.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.annotations.jar new file mode 100644 index 0000000000..bd3ba9d236 Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.annotations.jar differ diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.core.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.core.jar new file mode 100644 index 0000000000..2a66a6f039 Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.core.jar differ diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.csv.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.csv.jar new file mode 100644 index 0000000000..03c92b633d Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.csv.jar differ diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.databind.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.databind.jar new file mode 100644 index 0000000000..91f068e502 Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.databind.jar differ diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.jaxb.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.jaxb.jar new file mode 100644 index 0000000000..d85ace1b03 Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.jaxb.jar differ diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.jsonschema.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.jsonschema.jar new file mode 100644 index 0000000000..d2838be8c5 Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.jsonschema.jar differ diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.smile.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.smile.jar new file mode 100644 index 0000000000..6ca923ff79 Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.smile.jar differ diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.xml.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.xml.jar new file mode 100644 index 0000000000..25d66734dd Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.xml.jar differ diff --git a/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.yaml.jar b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.yaml.jar new file mode 100644 index 0000000000..04b83c3566 Binary files /dev/null and b/libraries/com.fasterxml.jackson_2.8/com.fasterxml.jackson.yaml.jar differ diff --git a/libraries/com.fasterxml.jackson_2.4/library.xml b/libraries/com.fasterxml.jackson_2.8/library.xml similarity index 98% rename from libraries/com.fasterxml.jackson_2.4/library.xml rename to libraries/com.fasterxml.jackson_2.8/library.xml index b81c041e4a..fa2d8ced86 100644 --- a/libraries/com.fasterxml.jackson_2.4/library.xml +++ b/libraries/com.fasterxml.jackson_2.8/library.xml @@ -1,8 +1,8 @@ High-performance JSON processor High-performance JSON processor - 2.4 - 4 + 2.8 + 8 http://jackson.codehaus.org/ http://wiki.fasterxml.com/JacksonDownload The Codehaus foundation diff --git a/libraries/com.fasterxml.jackson_2.4/license.txt b/libraries/com.fasterxml.jackson_2.8/license.txt similarity index 100% rename from libraries/com.fasterxml.jackson_2.4/license.txt rename to libraries/com.fasterxml.jackson_2.8/license.txt diff --git a/libraries/com.fasterxml.jackson_2.4/readme.txt b/libraries/com.fasterxml.jackson_2.8/readme.txt similarity index 100% rename from libraries/com.fasterxml.jackson_2.4/readme.txt rename to libraries/com.fasterxml.jackson_2.8/readme.txt diff --git a/modules/org.restlet.ext.apispark/src/org/restlet/ext/apispark/internal/introspection/application/RepresentationCollector.java b/modules/org.restlet.ext.apispark/src/org/restlet/ext/apispark/internal/introspection/application/RepresentationCollector.java index 6bf7024e14..73bff63b48 100644 --- a/modules/org.restlet.ext.apispark/src/org/restlet/ext/apispark/internal/introspection/application/RepresentationCollector.java +++ b/modules/org.restlet.ext.apispark/src/org/restlet/ext/apispark/internal/introspection/application/RepresentationCollector.java @@ -50,6 +50,9 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyDescription; import com.fasterxml.jackson.annotation.JsonRootName; +import com.fasterxml.jackson.databind.JavaType; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationConfig; import com.fasterxml.jackson.databind.introspect.AnnotatedClass; import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector; @@ -118,10 +121,12 @@ public static void addRepresentation(CollectInfo collectInfo, if (typeInfo.isPojo()) { // add properties definition - BeanInfo beanInfo = BeanInfoUtils.getBeanInfo(typeInfo - .getRepresentationClazz()); + BeanInfo beanInfo = BeanInfoUtils.getBeanInfo(typeInfo.getRepresentationClazz()); - JsonIgnoreProperties jsonIgnorePropertiesAnnotation = AnnotatedClass.construct(typeInfo.getRepresentationClazz(), new JacksonAnnotationIntrospector(), null).getAnnotation(JsonIgnoreProperties.class); + ObjectMapper mapper = new ObjectMapper(); + JsonIgnoreProperties jsonIgnorePropertiesAnnotation = AnnotatedClass + .construct(mapper.constructType(typeInfo.getRepresentationClazz()), mapper.getSerializationConfig()) + .getAnnotation(JsonIgnoreProperties.class); List jsonIgnoreProperties = jsonIgnorePropertiesAnnotation == null ? null : Arrays.asList(jsonIgnorePropertiesAnnotation.value()); for (PropertyDescriptor pd : beanInfo.getPropertyDescriptors()) { diff --git a/modules/org.restlet.ext.apispark/src/org/restlet/ext/apispark/internal/introspection/jaxrs/JaxRsIntrospector.java b/modules/org.restlet.ext.apispark/src/org/restlet/ext/apispark/internal/introspection/jaxrs/JaxRsIntrospector.java index bb32079e20..d45758865c 100644 --- a/modules/org.restlet.ext.apispark/src/org/restlet/ext/apispark/internal/introspection/jaxrs/JaxRsIntrospector.java +++ b/modules/org.restlet.ext.apispark/src/org/restlet/ext/apispark/internal/introspection/jaxrs/JaxRsIntrospector.java @@ -91,6 +91,9 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyDescription; import com.fasterxml.jackson.annotation.JsonRootName; +import com.fasterxml.jackson.databind.JavaType; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationConfig; import com.fasterxml.jackson.databind.introspect.AnnotatedClass; import com.fasterxml.jackson.databind.introspect.JacksonAnnotationIntrospector; @@ -334,12 +337,12 @@ private static void addRepresentation(CollectInfo collectInfo, if (typeInfo.isPojo()) { // add properties definition - BeanInfo beanInfo = BeanInfoUtils.getBeanInfo(typeInfo - .getRepresentationClazz()); + BeanInfo beanInfo = BeanInfoUtils.getBeanInfo(typeInfo.getRepresentationClazz()); + + ObjectMapper mapper = new ObjectMapper(); JsonIgnoreProperties jsonIgnorePropertiesAnnotation = AnnotatedClass - .construct(typeInfo.getRepresentationClazz(), - new JacksonAnnotationIntrospector(), null) + .construct(mapper.constructType(typeInfo.getRepresentationClazz()), mapper.getSerializationConfig()) .getAnnotation(JsonIgnoreProperties.class); List jsonIgnoreProperties = jsonIgnorePropertiesAnnotation == null ? null : Arrays.asList(jsonIgnorePropertiesAnnotation.value());