Update dependency of jackson to 2.9.9

FSchumacher · FSchumacher · commit af5617143003 · 2019-05-29T12:51:13.000Z
Update the Jackson libraries used from 2.9.8 to current 2.9.9 due to CVE-2019-12086 in Jackson-Databind. Bugzilla Id: 63473 git-svn-id: https://svn.apache.org/repos/asf/jmeter/trunk@1860342 13f79535-47bb-0310-9956-ffa450edef68 Former-commit-id: 62ce6f3
diff --git a/LICENSE b/LICENSE
@@ -251,9 +251,9 @@ The following software is provided under the Apache License V 2.0 (as above):
 * caffeine-2.6.2.jar
 * darcula.jar
 * freemarker-2.3.28.jar (AL2.0, see licenses/bin for additional info)
-* jackson-annotations-2.9.8.jar
-* jackson-core-2.9.8.jar
-* jackson-databind-2.9.8.jar
+* jackson-annotations-2.9.9.jar
+* jackson-core-2.9.9.jar
+* jackson-databind-2.9.9.jar
 * json-path-2.4.0.jar
 * json-smart-2.3.jar
 * mongo-java-driver-2.11.3.jar
diff --git a/build.properties b/build.properties
@@ -210,20 +210,20 @@ httpcore-nio.jar                = httpcore-nio-${httpcore-nio.version}.jar
 httpcore-nio.loc                = ${maven2.repo}/org/apache/httpcomponents/httpcore-nio/${httpcore-nio.version}
 httpcore-nio.sha512             = 921BFA77D06C2B624D257DC6D57689A06F704954AE49FE4433D5200018F46607A46EA21ECA3C7757913BD6C1C2605A025BEA912A007230EA2E4227C07F8ADCA3
 
-jackson-annotations.version = 2.9.8
+jackson-annotations.version = 2.9.9
 jackson-annotations.jar     = jackson-annotations-${jackson-annotations.version}.jar
 jackson-annotations.loc     = ${maven2.repo}/com/fasterxml/jackson/core/jackson-annotations/${jackson-annotations.version}
-jackson-annotations.sha512  = 05A7A203623DF2E7A2C338D589871C07258E7552F4C55B3F45BBBD77B5E04B7A77F96779F19394182B20DE98DB419496AB0ADB6D5D28C42F8FFEA1C76C82D8AF
+jackson-annotations.sha512  = fd7e441fbb6a807b1841497bbf6b4950ca11a48fad19b83bad6da691a9878a8b03f28eef11dac7ef160cb9535c999d7bbf49da155c165c205aeb7dd81c111f28
 
-jackson-core.version = 2.9.8
+jackson-core.version = 2.9.9
 jackson-core.jar     = jackson-core-${jackson-core.version}.jar
 jackson-core.loc     = ${maven2.repo}/com/fasterxml/jackson/core/jackson-core/${jackson-core.version}
-jackson-core.sha512  = 695C4BF0C5BF72910DC09CD6062FAA7690ECE110F874DADE86D5E3D6EE5598E57572517200D7A31816AB599F01350E5AAC9A671FFB826650F385EA97E4BC0D98
+jackson-core.sha512  = d8beac9e71444bc795c9d99308ead3284a39aa161f825708da7dbdfce410d099c0bbc76c31c27adad540cf3bccf6826d539fcb157923efae84b10b3778b920a9
 
-jackson-databind.version = 2.9.8
+jackson-databind.version = 2.9.9
 jackson-databind.jar     = jackson-databind-${jackson-databind.version}.jar
 jackson-databind.loc     = ${maven2.repo}/com/fasterxml/jackson/core/jackson-databind/${jackson-databind.version}
-jackson-databind.sha512  = 720F2D2779CBFD4B470CB5106AB3944EF12717330534B94F99D8D81D1F07BBA809A30BC92E296ECB31CB76C2FEAA06870B7EDFF5A081C7EFED9C3AC7E5CEBE2F
+jackson-databind.sha512  = 47204158c4adbbc8d6659055786641ef6ec95ef6648662ad797aface0a3e1074c7bd4d2f565bbe5837bfd0bc06aec2d8888415ff94a94583f5bda644ca5004a5
 
 jakarta-oro.version         = 2.0.8
 jakarta-oro.jar             = oro-${jakarta-oro.version}.jar
diff --git a/eclipse.classpath b/eclipse.classpath
@@ -74,9 +74,9 @@
 	<classpathentry kind="lib" path="lib/httpcore-nio-4.4.11.jar"/>
 	<classpathentry kind="lib" path="lib/httpcore-4.4.11.jar"/>
 	<classpathentry kind="lib" path="lib/httpmime-4.5.8.jar"/>
-	<classpathentry kind="lib" path="lib/jackson-annotations-2.9.8.jar"/>
-	<classpathentry kind="lib" path="lib/jackson-core-2.9.8.jar"/>
-	<classpathentry kind="lib" path="lib/jackson-databind-2.9.8.jar"/>
+	<classpathentry kind="lib" path="lib/jackson-annotations-2.9.9.jar"/>
+	<classpathentry kind="lib" path="lib/jackson-core-2.9.9.jar"/>
+	<classpathentry kind="lib" path="lib/jackson-databind-2.9.9.jar"/>
 	<classpathentry kind="lib" path="lib/javax.activation-api-1.2.0.jar"/>
 	<classpathentry kind="lib" path="lib/javax.activation-1.2.0.jar"/>
 	<classpathentry kind="lib" path="lib/jcharts-0.7.5.jar"/>
diff --git a/lib/aareadme.txt b/lib/aareadme.txt
@@ -123,14 +123,14 @@ javax.activation-1.2.0.jar
 ----------------------
 - used by SMTP Sampler
 
-jackson-annotations-2.9.8 (com.fasterxml.jackson)
+jackson-annotations-2.9.9 (com.fasterxml.jackson)
 ----------------------
 
 Used by JsonExporter in report generator (com.fasterxml.jackson)
 ----------------------
-jackson-annotations-2.9.8 (https://github.com/FasterXML/jackson-annotations)
-jackson-core-2.9.8 (https://github.com/FasterXML/jackson-core)
-jackson-databind-2.9.8 (https://github.com/FasterXML/jackson-databind)
+jackson-annotations-2.9.9 (https://github.com/FasterXML/jackson-annotations)
+jackson-core-2.9.9 (https://github.com/FasterXML/jackson-core)
+jackson-databind-2.9.9 (https://github.com/FasterXML/jackson-databind)
 
 jCharts-0.7.5 (org.jCharts)
 -------------
diff --git a/res/maven/ApacheJMeter_parent.pom b/res/maven/ApacheJMeter_parent.pom
@@ -82,9 +82,9 @@ under the License.
       <httpcore.version>4.4.11</httpcore.version>
       <httpcore-nio.version>4.4.11</httpcore-nio.version>
       <httpmime.version>4.5.8</httpmime.version>
-      <jackson-annotations.version>2.9.8</jackson-annotations.version>
-      <jackson-core.version>2.9.8</jackson-core.version>
-      <jackson-databind.version>2.9.8</jackson-databind.version>
+      <jackson-annotations.version>2.9.9</jackson-annotations.version>
+      <jackson-core.version>2.9.9</jackson-core.version>
+      <jackson-databind.version>2.9.9</jackson-databind.version>
       <jakarta-oro.version>2.0.8</jakarta-oro.version>
       <javax.activation-api.version>1.2.0</javax.activation-api.version>
       <javax.activation.version>1.2.0</javax.activation.version>
diff --git a/xdocs/changes.xml b/xdocs/changes.xml
@@ -126,6 +126,7 @@ to view the last major behaviors with the version 5.1.1.
 <ch_section>Non-functional changes</ch_section>
 <ul>
     <li>Updated to tika-core and tika-parsers 1.21 (from 1.21)</li>
+    <li>Updated jackson-annotations, jackson-core and jackson-databind to 2.9.9 (from 2.9.8)</li>
 </ul>
 
  <!-- =================== Bug fixes =================== -->
@@ -202,6 +203,7 @@ to view the last major behaviors with the version 5.1.1.
     <li>Sergiy Iampol (sergiy.iampol at playtech.com)</li>
     <li>Brian Tully (brian.tully at acquia.com)</li>
     <li>Amer Ghazal (amerghazal at gmail.com)</li>
+    <li>(stefan at trilobyte-se.de)</li>
 </ul>
 <p>
 Apologies if we have omitted anyone else.
