jackson-databind 2.14.0-1 source package in Ubuntu
Changelog
jackson-databind (2.14.0-1) unstable; urgency=medium
* New upstream version 2.14.0.
- Fix CVE-2022-42003:
Resource exhaustion can occur because of a lack of a check in primitive
value deserializers to avoid deep wrapper array nesting, when the
UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
- Fix CVE-2022-42004:
Resource exhaustion can occur because of a lack of a check in
BeanDeserializer._deserializeFromArray to prevent use of deeply nested
arrays. An application is vulnerable only with certain customized choices
for deserialization.
* Declare compliance with Debian Policy 4.6.1.
-- Markus Koschany <email address hidden> Fri, 11 Nov 2022 23:19:39 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Mantic | release | universe | misc | |
| Lunar | release | universe | misc |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| jackson-databind_2.14.0-1.dsc | 2.4 KiB | f18fa756a7d033d1576dab07458afc0689b74e19294b9bc686938b8eef66878e |
| jackson-databind_2.14.0.orig.tar.xz | 1.1 MiB | ec086218027c3ecf235fcda042bf04d87b4178ee225f0633f062cd20e64f74a9 |
| jackson-databind_2.14.0-1.debian.tar.xz | 5.6 KiB | 80d00d3ed7ca5c02f624b692fb52fc2280897137f0d25155ef6d58d3bed8dbb8 |
Available diffs
- diff from 2.13.2.2-1 to 2.14.0-1 (121.9 KiB)
No changes file available.
Binary packages built by this source
- libjackson2-databind-java: fast and powerful JSON library for Java -- data binding
The Jackson Data Processor is a multi-purpose Java library for processing
JSON. Jackson aims to be the best possible combination of fast, correct,
lightweight, and ergonomic for developers. It offers three alternative methods
for processing JSON:
.
* Streaming API inspired by StAX
* Tree Model
* Data Binding converts JSON to and from POJOs
.
In addition to the core library, there are numerous extension that provide
additional functionality such as additional data formats beyond JSON,
additional data types or JVM languages.
.
This package contains general purpose data-binding functionality for data
formats other than JSON.
