Update dependency org.glassfish.jersey.media:jersey-media-json-jackson to v2.30.1 - autoclosed #133

mend-for-github-com[bot]

This PR contains the following updates:

| Package | Update | Change |
| --- | --- | --- |
| org.glassfish.jersey.media:jersey-media-json-jackson (source) | minor | 2.27 -> 2.30.1 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
| --- | --- | --- | --- |
| High | 9.8 | CVE-2019-10202 | #41 |
| High | 9.8 | CVE-2019-14379 | #61 |
| High | 9.8 | CVE-2019-14540 | #2 |
| High | 9.8 | CVE-2019-14892 | #58 |
| High | 9.8 | CVE-2019-14893 | #55 |
| High | 9.8 | CVE-2019-16335 | #18 |
| High | 9.8 | CVE-2019-16942 | #36 |
| High | 9.8 | CVE-2019-16943 | #38 |
| High | 9.8 | CVE-2019-17267 | #21 |
| High | 9.8 | CVE-2019-17531 | #4 |
| High | 9.8 | CVE-2019-20330 | #66 |
| High | 9.8 | CVE-2020-8840 | #37 |
| High | 9.8 | CVE-2020-9546 | #60 |
| High | 9.8 | CVE-2020-9547 | #62 |
| High | 9.8 | CVE-2020-9548 | #63 |
| High | 8.8 | CVE-2020-10672 | #71 |
| High | 8.8 | CVE-2020-10673 | #72 |
| High | 8.8 | CVE-2020-10968 | #25 |
| High | 8.8 | CVE-2020-10969 | #26 |
| High | 8.8 | CVE-2020-11111 | #43 |
| High | 8.8 | CVE-2020-11112 | #46 |
| High | 8.8 | CVE-2020-11113 | #45 |
| High | 8.1 | CVE-2020-11619 | #20 |
| High | 8.1 | CVE-2020-11620 | #30 |
| High | 8.1 | CVE-2020-14060 | #50 |
| High | 8.1 | CVE-2020-14061 | #52 |
| High | 8.1 | CVE-2020-14062 | #54 |
| High | 8.1 | CVE-2020-14195 | #73 |
| High | 8.1 | CVE-2020-24616 | #48 |
| High | 8.1 | CVE-2020-24750 | #56 |
| High | 8.1 | CVE-2020-35490 | #89 |
| High | 8.1 | CVE-2020-35491 | #93 |
| High | 8.1 | CVE-2020-35728 | #84 |
| High | 8.1 | CVE-2020-36179 | #98 |
| High | 8.1 | CVE-2020-36180 | #88 |
| High | 8.1 | CVE-2020-36181 | #87 |
| High | 8.1 | CVE-2020-36182 | #91 |
| High | 8.1 | CVE-2020-36183 | #90 |
| High | 8.1 | CVE-2020-36184 | #94 |
| High | 8.1 | CVE-2020-36185 | #92 |
| High | 8.1 | CVE-2020-36186 | #96 |
| High | 8.1 | CVE-2020-36187 | #95 |
| High | 8.1 | CVE-2020-36188 | #86 |
| High | 8.1 | CVE-2020-36189 | #85 |
| High | 8.1 | CVE-2021-20190 | #97 |
| High | 7.5 | CVE-2019-12086 | #3 |
| High | 7.5 | CVE-2019-14439 | #22 |
| High | 7.5 | CVE-2020-25649 | #83 |
| Medium | 5.9 | CVE-2019-12384 | #32 |
| Medium | 5.9 | CVE-2019-12814 | #24 |

Release Notes

eclipse-ee4j/jersey

v2.30.1

Compare Source

  • [Issue 4369] - NettyConnectorProvider (jersey-netty-connector) doesn't send query parameters in the Get Request
  • [Issue 4380] - Jersey 2.30 does not work on JDK 11
  • [Issue 4388] - Jersey 2.30 breaks HK2 AbstractBinder injection in Features
  • [Pull 4339] - Adopt Jackson 2.10.1
  • [Pull 4364] - Updated checkstyle plugin to latest 3.1.0
  • [Pull 4366] - Multi release sources
  • [Pull 4371] - Jersey Configuration documentation
  • [Pull 4373] - Fixed stacktraces caused by incorrect JNDI lookup
  • [Pull 4376] - [#3651] Broken links in examples README files
  • [Pull 4377] - [#3726] Typo in preface
  • [Pull 4378] - [#3720] Incorrect method in the documentation
  • [Pull 4386] - Fix #4380 - Jersey 2.30 does not work on JDK 11
  • [Pull 4387] - netty connector/container modifications
  • [Pull 4390] - Fix #3433 - Multiple cookies with same name are not supported
  • [Pull 4393] - Query parameters were not included in netty URI
  • [Pull 4394] - Allow HK2 AbstractBinder class to bind before the Feature is called
  • [Pull 4396] - Preparation for GF 6
v2.30

Compare Source

  • [Issue 4245] - Java 11 java.desktop module dependency
  • [Issue 4256] - HK2 AbstractBinders are configured twice
  • [Issue 4266] - Fix HeaderDelageProvider functionality
  • [Issue 4294] - Inefficient access of LinkedList in Resource$Builder.mergeResources
  • [Issue 4302] - Jetty 9.4.22 QueuedThreadPool compatibility
  • [Issue 4304] - ResourceConfig not properly using specified ClassLoader
  • [Issue 4325] - Build Jersey on JDK13
  • [Issue 4336] - Allow to use a connector with RESTClient
  • [Issue 4344] - Jersey 2.29 AbstractBinder.configure() called twice
  • [Pull 4254] - Wiremock does not run now when skipTests property is set as true
  • [Pull 4258] - Loading keystore resource if location starts with /
  • [Pull 4260] - Jersey documentation scripts
  • [Pull 4268] - Use locale insensitive case changes to ensure user code doesn't break…
  • [Pull 4271] - Do not handle already handled requests on Jetty
  • [Pull 4272] - AsyncInvocationinverceptors not properly created for each request
  • [Pull 4273] - DocBook fixes
  • [Pull 4274] - JsonBindingProvider provides JSON-B (not Jackson)
  • [Pull 4275] - Throwing NoContentException when InputStream is empty
  • [Pull 4276] - Allow for using HeaderDelegateProvider service
  • [Pull 4277] - HK2 to skip fields injected by CDI in non bean-defining-annotated beans
  • [Pull 4279] - Update ASM to 7.2
  • [Pull 4280] - Move CDI integration tests to a common CDI-Integration module
  • [Pull 4283] - Enable to use AsyncInvoker in Rx client
  • [Pull 4290] - release notes maven plugin (for Jersey)
  • [Pull 4291] - Ignore tests of container-runner-maven-plugin on Windows
  • [Pull 4292] - Assure that exception in async interceptor doesn't prevent completion
  • [Pull 4296] - exclude javax.validation-api from bean validation dependency
  • [Pull 4298] - Take Hk2CustomBoundTypesProvider into an account
  • [Pull 4300] - Performance improvement in Resource.Builder#mergeResources
  • [Pull 4301] - New client PreInvocationInterceptor and PostInvocationInterceptor SPI
  • [Pull 4303] - Make JettyConnectorThreadPool#newThread public to comply with latest Jetty
  • [Pull 4306] - Fixes #4304: ResourceConfig not properly using specified ClassLoader
  • [Pull 4307] - Use Spring Context 4 in the Spring integration test
  • [Pull 4309] - Spring 5 integration tests
  • [Pull 4312] - Rewritten Netty Jersey implementation using direct ByteBuf consumption
  • [Pull 4313] - new InvocationBuilderListener SPI
  • [Pull 4314] - Override HK2 dependency versions with versions used in Jersey
  • [Pull 4317] - Added deprecated methods back to retain backwards compatibility
  • [Pull 4318] - Close SseEventSink at the end of the example
  • [Pull 4327] - Allow to use additional properties with security manager/4323
  • [Pull 4338] - Fix issues with ChunkedInputStream when using Apache Connector
  • [Pull 4341] - Build Jersey on JDK13
  • [Pull 4342] - Allow to disable certain default providers
  • [Pull 4347] - ConnectorProvider support added to mp rest client
  • [Pull 4349] - Prevent HK2 AbstractBinder from being configured twice.
  • [Pull 4350] - Updated versions of 3rd party content
  • [Pull 4352] - Replace an Exception thrown with BAD_REQUEST
  • [Pull 4353] - OSGI groupId fix
  • [Pull 4358] - initialize legal.source.folder property by plugin
  • [Pull 4359] - Fix check style
  • [Pull 4360] - Legal files for common
  • [Pull 4361] - Properties and plugin change of examples module for legal files
v2.29.1

Compare Source

    Issues and Pull Requests

    • [Pull 4243] - Fixes #4239 MediaType in method parameter not overridden by annotation
    • [Pull 4240] - Jakarta api integration
    • [Pull 4238] - Provide an Apache HttpClientBuilder configuration callback
    • [Pull 4236] - Issue 4208 - Fails to inject SecurityContext into Helloworld-CDI2-SE example
    • [Pull 4235] - Fix issue with OSGi when having package name starting with "class"
    • [Pull 4234] - Updated HK2 version
    • [Pull 4233] - Enable Spring4 integration test again
    • [Pull 4227] - Using configured executor service for client.
    • [Pull 4225] - Add an option to not register the Jackson's ExceptionMappers by JacksonFeature
    • [Pull 4224] - Upgrade of MP Rest client to 1.3.3.
    • [Pull 4222] - Fix NettyInputStream ByteBuf leak
    • [Pull 4221] - Better specify HK2 and Spring dependencies
    • [Issue 4214] - Jersey with Jackson exposes that fact to a potential attacker sending misformed JSON data
    • [Pull 4212] - Update Apache HTTP Client to 4.5.9
    • [Pull 4206] - Fixed: Various bugs in Helloworld CDI SE Example
    • [Pull 4204] - Prevent race condition in entity filtering
    • [Pull 4203] - Removed invalid email addresses
    • [Pull 4202] - Added support for Apache HTTP Client ConnectionKeepAliveStrategy and ConnectionReuseStrategy
    • [Pull 4201] - Upgrade jetty to version 9.4.17.v20190418
    • [Issue 4200] - JacksonFeature ExceptionMappers leaks implementation details
    • [Issue 4189] - Jersey Entity Filter Threads Racing issue leads to Corrupted Entity Graph and Object Graph
    • [Issue 4187] - Race condition in EntityFiltering
    • [Issue 4184] - Spring5 missing in BOM
    • [Pull 4178] - Fixes #3997 : Make SupplierFactoryBridge thread-safe.
    • [Issue 4177] - OsgiRegistry classToBundleMapping does not store classes for packages containing .class correctly

    v2.29

    Compare Source

    Issues and Pull Requests

    • [Issue 4158] - Tests in jdk-http fail on windows/jdk8
    • [Pull 4144] - Update Jackson to 2.9.9
    • [Pull 4143] - fix for JAX-RS SPI resource finder
    • [Issue 4134] - Fix ValidationErrorMessageBodyWriter
    • [Issue 4119] - Path annotation of different methods are interfering
    • [Pull 4112] - Filter synthetic methods from the resource - bug #4005 fix
    • [Issue 4111] - Return a possibility to use HK2 AbstractBinder in Jersey
    • [Issue 4110] - Create a way to better configure Jersey
    • [Issue 4109] - Separate tests depending on jMockit into separate test submodule
    • [Issue 4099] - @Priority is not always picked up correctly for JAX-RS providers
    • [Issue 4092] - Provider registered to Hk2InjectionManager cannot be process because of incompatible type
    • [Pull 4086] - MP rest client 1.2.1 implementation
    • [Issue 4082] - JerseyClientBuilder modifies Map content during provider registration
    • [Pull 4079] - Update hk2 osgi-resource-locator to latest 1.0.3 version
    • [Issue 4068] - EncodingFilter handles 'Accept-Encoding' header with empty String awkwardly
    • [Pull 4067] - Build core-common on JDK 11
    • [Pull 4055] - Enable @ConstrainedTo on Features
    • [Issue 3992] - CDI Bean created (but fails) when interface has @Path annotation
    • [Pull 3983] - Upgrade Netty and expose Netty Context
    • [Pull 3979] - Cleanup old JDK collection compatibility classes
    • [Pull 3844] - MicroProfile REST Client v1.1 support
    • [Issue 3796] - Jersey creates multiple provider instances if a class implements more than one provider interface
    • [Issue 3670] - Broken ParamConverterProvider ordering in 2.26

    @mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label May 12, 2022
    @mend-for-github-com mend-for-github-com bot changed the title Update dependency org.glassfish.jersey.media:jersey-media-json-jackson to v2.30.1 Update dependency org.glassfish.jersey.media:jersey-media-json-jackson to v2.30.1 - autoclosed May 21, 2022
    @mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/org.glassfish.jersey.media-jersey-media-json-jackson-2.x branch May 21, 2022 22:29