security: upgrade jettison to 1.5.4

apache · Dec 13, 2023 · 8e6153f · 8e6153f
1 parent 8984880
commit 8e6153f
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 2 deletions.
diff --git a/changes/en-us/2.x.md b/changes/en-us/2.x.md
@@ -24,7 +24,7 @@ Add changes here for all PR submitted to the 2.x branch.
 - [[#6098](https://github.com/seata/seata/pull/6098)] optimize the retry logic in the acquireMetadata method
 - [[#6034](https://github.com/seata/seata/pull/6034)] using namespace from command line when deployment with helm charts
 - [[#6116](https://github.com/seata/seata/pull/6034)] remove lgtm.com stuff
-
+- [[#6145](https://github.com/seata/seata/pull/6145)] upgrade jettison to 1.5.4
 
 ### security:
 - [[#6069](https://github.com/seata/seata/pull/6069)] Upgrade Guava dependencies to fix security vulnerabilities

diff --git a/changes/zh-cn/2.x.md b/changes/zh-cn/2.x.md
@@ -27,6 +27,7 @@
 
 ### security:
 - [[#6069](https://github.com/seata/seata/pull/6069)] 升级Guava依赖版本，修复安全漏洞
+- [[#6145](https://github.com/seata/seata/pull/6145)] 升级 jettison依赖版本至1.5.4
 
 ### test:
 - [[#6081](https://github.com/seata/seata/pull/6081)] 添加 `test-os.yml` 用于测试seata在各种操作系统下的运行情况

diff --git a/dependencies/pom.xml b/dependencies/pom.xml
@@ -51,7 +51,8 @@
         <spring-context-support.version>1.0.2</spring-context-support.version>
         <mock-jedis.version>0.3.0</mock-jedis.version>
         <apollo-client.version>2.0.1</apollo-client.version>
-        <eureka-clients.version>1.10.17</eureka-clients.version>
+        <eureka-clients.version>1.10.18</eureka-clients.version>
+        <jettison.version>1.5.4</jettison.version>
         <consul-clients.version>1.4.2</consul-clients.version>
         <nacos-client.version>1.4.2</nacos-client.version>
         <etcd-client-v3.version>0.5.0</etcd-client-v3.version>
@@ -410,8 +411,17 @@
                         <groupId>javax.servlet</groupId>
                         <artifactId>servlet-api</artifactId>
                     </exclusion>
+                    <exclusion>
+                        <groupId>org.codehaus.jettison</groupId>
+                        <artifactId>jettison</artifactId>
+                    </exclusion>
                 </exclusions>
             </dependency>
+            <dependency>
+                <groupId>org.codehaus.jettison</groupId>
+                <artifactId>jettison</artifactId>
+                <version>${jettison.version}</version>
+            </dependency>
             <dependency>
                 <groupId>com.netflix.archaius</groupId>
                 <artifactId>archaius-core</artifactId>

diff --git a/discovery/seata-discovery-eureka/pom.xml b/discovery/seata-discovery-eureka/pom.xml
@@ -46,6 +46,11 @@
             <groupId>com.thoughtworks.xstream</groupId>
             <artifactId>xstream</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.codehaus.jettison</groupId>
+            <artifactId>jettison</artifactId>
+            <scope>runtime</scope>
+        </dependency>
         <dependency>
             <groupId>com.netflix.archaius</groupId>
             <artifactId>archaius-core</artifactId>