[CVE-2020-36518] Update jackson-databind to 2.13.2.2 (#2599) (#2647)

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
(cherry picked from commit d8a1ba6)

Co-authored-by: Andriy Redko <andriy.redko@aiven.io>

Author: opensearch-trigger-bot[bot]

buildSrc/build.gradle

@@ -116,7 +116,7 @@ dependencies {
   api 'com.avast.gradle:gradle-docker-compose-plugin:0.14.12'
   api 'org.apache.maven:maven-model:3.6.2'
   api 'com.networknt:json-schema-validator:1.0.68'
-  api "com.fasterxml.jackson.core:jackson-databind:${props.getProperty('jackson')}"
+  api "com.fasterxml.jackson.core:jackson-databind:${props.getProperty('jackson_databind')}"
 
   testFixturesApi "junit:junit:${props.getProperty('junit')}"
   testFixturesApi "com.carrotsearch.randomizedtesting:randomizedtesting-runner:${props.getProperty('randomizedrunner')}"

buildSrc/version.properties

@@ -10,6 +10,7 @@ bundled_jdk = 17.0.2+8
 spatial4j         = 0.7
 jts               = 1.15.0
 jackson           = 2.13.2
+jackson_databind  = 2.13.2.2
 snakeyaml         = 1.26
 icu4j             = 70.1
 supercsv          = 2.4.0

distribution/tools/upgrade-cli/build.gradle

@@ -15,7 +15,7 @@ dependencies {
   compileOnly project(":server")
   compileOnly project(":libs:opensearch-cli")
   implementation "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"
-  implementation "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  implementation "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
   implementation "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
   testImplementation project(":test:framework")
   testImplementation 'com.google.jimfs:jimfs:1.2'

distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.2.2.jar.sha1

@@ -0,0 +1 @@
+ffeb635597d093509f33e1e94274d14be610f933

distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.2.jar.sha1

@@ -34,7 +34,7 @@ dependencies {
   }
   testImplementation "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"
   testImplementation "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
-  testImplementation "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  testImplementation "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
 }
 
 tasks.named('forbiddenApisMain').configure {

libs/dissect/build.gradle

@@ -42,7 +42,7 @@ dependencies {
   api('com.maxmind.geoip2:geoip2:2.16.1')
   // geoip2 dependencies:
   api("com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}")
-  api("com.fasterxml.jackson.core:jackson-databind:${versions.jackson}")
+  api("com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}")
   api('com.maxmind.db:maxmind-db:2.0.0')
 
   testImplementation 'org.elasticsearch:geolite2-databases:20191119'

modules/ingest-geoip/build.gradle

@@ -0,0 +1 @@
+ffeb635597d093509f33e1e94274d14be610f933

modules/ingest-geoip/licenses/jackson-databind-2.13.2.2.jar.sha1

@@ -50,7 +50,7 @@ dependencies {
   api "commons-logging:commons-logging:${versions.commonslogging}"
   api "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}"
   api "commons-codec:commons-codec:${versions.commonscodec}"
-  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
   api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
 }
 

modules/ingest-geoip/licenses/jackson-databind-2.13.2.jar.sha1

@@ -0,0 +1 @@
+ffeb635597d093509f33e1e94274d14be610f933

plugins/discovery-ec2/build.gradle

@@ -62,7 +62,7 @@ dependencies {
   api 'io.projectreactor.netty:reactor-netty-http:1.0.16'
   api "org.slf4j:slf4j-api:${versions.slf4j}"
   api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
-  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
   api "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${versions.jackson}"
   api "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${versions.jackson}"
   api "com.fasterxml.jackson.module:jackson-module-jaxb-annotations:${versions.jackson}"

plugins/discovery-ec2/licenses/jackson-databind-2.13.2.2.jar.sha1

@@ -0,0 +1 @@
+ffeb635597d093509f33e1e94274d14be610f933

plugins/discovery-ec2/licenses/jackson-databind-2.13.2.jar.sha1

@@ -64,7 +64,7 @@ dependencies {
   api 'org.apache.htrace:htrace-core4:4.2.0-incubating'
   api "org.apache.logging.log4j:log4j-core:${versions.log4j}"
   api 'org.apache.avro:avro:1.10.2'
-  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
   api 'com.google.code.gson:gson:2.9.0'
   runtimeOnly 'com.google.guava:guava:30.1.1-jre'
   api 'com.google.protobuf:protobuf-java:3.19.3'

plugins/repository-azure/build.gradle

@@ -0,0 +1 @@
+ffeb635597d093509f33e1e94274d14be610f933

plugins/repository-azure/licenses/jackson-databind-2.13.2.2.jar.sha1

@@ -58,7 +58,7 @@ dependencies {
   api "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}"
   api "commons-codec:commons-codec:${versions.commonscodec}"
   api "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"
-  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
   api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
   api "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:${versions.jackson}"
   api "joda-time:joda-time:${versions.joda}"

plugins/repository-azure/licenses/jackson-databind-2.13.2.jar.sha1

@@ -0,0 +1 @@
+ffeb635597d093509f33e1e94274d14be610f933

plugins/repository-hdfs/build.gradle

@@ -50,7 +50,7 @@ dependencies {
 
   testImplementation "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
   testImplementation "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"
-  testImplementation "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  testImplementation "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
 }
 
 tasks.named('forbiddenApisTest').configure {

plugins/repository-hdfs/licenses/jackson-databind-2.13.2.2.jar.sha1

@@ -50,7 +50,7 @@ dependencies {
   }
   api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
   api "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"
-  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
   api "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:${versions.jackson}"
   api "com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:${versions.jackson}"
   api "com.fasterxml.jackson.module:jackson-module-jaxb-annotations:${versions.jackson}"

plugins/repository-hdfs/licenses/jackson-databind-2.13.2.jar.sha1

@@ -41,6 +41,6 @@ dependencies {
   api 'com.google.code.gson:gson:2.9.0'
   api "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"
   api "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:${versions.jackson}"
-  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
+  api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
   api 'net.minidev:json-smart:2.4.8'
 }