From 5563492031a062f4fa5f84e04588ab296eb2133f Mon Sep 17 00:00:00 2001
From: jimin <slievrly@163.com>
Date: Thu, 14 Dec 2023 09:28:32 +0800
Subject: [PATCH] security: upgrade jettison to 1.5.4 (#6145)

---
 changes/en-us/2.x.md                     |  2 +-
 changes/zh-cn/2.x.md                     |  1 +
 dependencies/pom.xml                     | 12 +++++++++++-
 discovery/seata-discovery-eureka/pom.xml |  5 +++++
 4 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md
index 449b1bd01f2..3ce3cf1d536 100644
--- a/changes/en-us/2.x.md
+++ b/changes/en-us/2.x.md
@@ -24,7 +24,7 @@ Add changes here for all PR submitted to the 2.x branch.
 - [[#6098](https://github.com/seata/seata/pull/6098)] optimize the retry logic in the acquireMetadata method
 - [[#6034](https://github.com/seata/seata/pull/6034)] using namespace from command line when deployment with helm charts
 - [[#6116](https://github.com/seata/seata/pull/6034)] remove lgtm.com stuff
-
+- [[#6145](https://github.com/seata/seata/pull/6145)] upgrade jettison to 1.5.4
 
 ### security:
 - [[#6069](https://github.com/seata/seata/pull/6069)] Upgrade Guava dependencies to fix security vulnerabilities
diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md
index 87126af81d3..cf67b248af0 100644
--- a/changes/zh-cn/2.x.md
+++ b/changes/zh-cn/2.x.md
@@ -27,6 +27,7 @@
 
 ### security:
 - [[#6069](https://github.com/seata/seata/pull/6069)] 升级Guava依赖版本，修复安全漏洞
+- [[#6145](https://github.com/seata/seata/pull/6145)] 升级 jettison依赖版本至1.5.4
 
 ### test:
 - [[#6081](https://github.com/seata/seata/pull/6081)] 添加 `test-os.yml` 用于测试seata在各种操作系统下的运行情况
diff --git a/dependencies/pom.xml b/dependencies/pom.xml
index e35bf7d961c..3617f09ced4 100644
--- a/dependencies/pom.xml
+++ b/dependencies/pom.xml
@@ -51,7 +51,8 @@
         <spring-context-support.version>1.0.2</spring-context-support.version>
         <mock-jedis.version>0.3.0</mock-jedis.version>
         <apollo-client.version>2.0.1</apollo-client.version>
-        <eureka-clients.version>1.10.17</eureka-clients.version>
+        <eureka-clients.version>1.10.18</eureka-clients.version>
+        <jettison.version>1.5.4</jettison.version>
         <consul-clients.version>1.4.2</consul-clients.version>
         <nacos-client.version>1.4.2</nacos-client.version>
         <etcd-client-v3.version>0.5.0</etcd-client-v3.version>
@@ -410,8 +411,17 @@
                         <groupId>javax.servlet</groupId>
                         <artifactId>servlet-api</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>org.codehaus.jettison</groupId>
+                        <artifactId>jettison</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>org.codehaus.jettison</groupId>
+                <artifactId>jettison</artifactId>
+                <version>${jettison.version}</version>
+            </dependency>
             <dependency>
                 <groupId>com.netflix.archaius</groupId>
                 <artifactId>archaius-core</artifactId>
diff --git a/discovery/seata-discovery-eureka/pom.xml b/discovery/seata-discovery-eureka/pom.xml
index ad8c6a42539..82107292b87 100644
--- a/discovery/seata-discovery-eureka/pom.xml
+++ b/discovery/seata-discovery-eureka/pom.xml
@@ -46,6 +46,11 @@
             <groupId>com.thoughtworks.xstream</groupId>
             <artifactId>xstream</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.codehaus.jettison</groupId>
+            <artifactId>jettison</artifactId>
+            <scope>runtime</scope>
+        </dependency>
         <dependency>
             <groupId>com.netflix.archaius</groupId>
             <artifactId>archaius-core</artifactId>