Upgrading Jettison due to CVE-2022-45685 (opensearch-project#5777)

* Upgrading Jettison due to CVE Signed-off-by: Sarat Vemulapalli <[email protected]> * Updated Changelog Signed-off-by: Sarat Vemulapalli <[email protected]> Signed-off-by: Sarat Vemulapalli <[email protected]>
cwperks · Jan 13, 2023 · 32dd9e2 · 32dd9e2
1 parent 5989d01
commit 32dd9e2
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -36,7 +36,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Dependencies
 - Bumps `log4j-core` from 2.18.0 to 2.19.0
 - Bumps `reactor-netty-http` from 1.0.18 to 1.0.23
-- Bumps `jettison` from 1.5.0 to 1.5.1
+- Bumps `jettison` from 1.5.0 to 1.5.3
 - Bumps `forbiddenapis` from 3.3 to 3.4
 - Bumps `gson` from 2.9.0 to 2.10
 - Bumps `avro` from 1.11.0 to 1.11.1

diff --git a/buildSrc/version.properties b/buildSrc/version.properties
@@ -17,7 +17,7 @@ supercsv          = 2.4.0
 log4j             = 2.17.1
 slf4j             = 1.7.36
 asm               = 9.4
-jettison          = 1.5.1
+jettison          = 1.5.3
 woodstox          = 6.4.0
 kotlin            = 1.7.10
 antlr4            = 4.11.1

diff --git a/plugins/discovery-azure-classic/licenses/jettison-1.5.1.jar.sha1 b/plugins/discovery-azure-classic/licenses/jettison-1.5.1.jar.sha1
diff --git a/plugins/discovery-azure-classic/licenses/jettison-1.5.3.jar.sha1 b/plugins/discovery-azure-classic/licenses/jettison-1.5.3.jar.sha1
@@ -0,0 +1 @@
+964d35bbdecbbc33cf2f2044e8a1648d9f6f1474