Skip to content

[fix][sec][branch-4.0] Upgrade Jackson version to 2.18.9#26187

Merged
shibd merged 1 commit into
apache:branch-4.0from
shibd:codex/jackson-2.18.9-branch-4.0
Jul 14, 2026
Merged

[fix][sec][branch-4.0] Upgrade Jackson version to 2.18.9#26187
shibd merged 1 commit into
apache:branch-4.0from
shibd:codex/jackson-2.18.9-branch-4.0

Conversation

@shibd

@shibd shibd commented Jul 14, 2026

Copy link
Copy Markdown
Member

Motivation

Upgrade Jackson to 2.18.9 to fix the following vulnerability:

Affected versions can make properties ignored with @JsonIgnoreProperties writable again when per-property case-insensitive deserialization is enabled.

Modifications

Upgrade Jackson from 2.18.8 to 2.18.9 and update the server and shell LICENSE.bin.txt files accordingly.

Verifications

  • ./mvnw -q -N help:evaluate -Dexpression=jackson.version -DforceStdout
  • ./mvnw -pl pulsar-client -am -Dtest=ConfigurationDataUtilsTest -Dsurefire.failIfNoSpecifiedTests=false -Dspotbugs.skip=true -Dcheckstyle.skip=true -Drat.skip=true test (9 tests, 0 failures, 0 errors)

@shibd shibd marked this pull request as ready for review July 14, 2026 02:31
@shibd shibd merged commit 0f57557 into apache:branch-4.0 Jul 14, 2026
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants