Version 0.19.10

- Bumped Jackson dependency to version 2.11.0 in response to CVEs: - CVE-2020-9546 - CVE-2020-10672 - CVE-2020-10969 - CVE-2020-11620
Yubico · May 5, 2020 · a43b92f · a43b92f
2 parents d62a851 + fe12da1
commit a43b92f
Show file tree

Hide file tree

Showing 8 changed files with 21 additions and 13 deletions.
diff --git a/NEWS b/NEWS
@@ -1,3 +1,12 @@
+== Version 0.19.10 ==
+
+* Bumped Jackson dependency to version 2.11.0 in response to CVEs:
+ ** CVE-2020-9546
+ ** CVE-2020-10672
+ ** CVE-2020-10969
+ ** CVE-2020-11620
+
+
 == Version 0.19.9 ==
 
 * Bumped Jackson dependency to version 2.9.10.3 in response to CVE-2019-20330 and CVE-2020-8840

diff --git a/build.gradle b/build.gradle
@@ -40,7 +40,7 @@ allprojects  {
   }
 
   group = 'com.yubico'
-  version = '0.19.9'
+  version = '0.19.10'
 
   sourceCompatibility = 1.6
   targetCompatibility = 1.6

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
     <groupId>com.yubico</groupId>
     <artifactId>u2flib-server-parent</artifactId>
     <packaging>pom</packaging>
-    <version>0.19.9</version>
+    <version>0.19.10</version>
     <name>U2F parent</name>
     <description>Java server-side library for U2F</description>
     <properties>

diff --git a/u2flib-server-attestation/pom.xml b/u2flib-server-attestation/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>u2flib-server-parent</artifactId>
         <groupId>com.yubico</groupId>
-        <version>0.19.9</version>
+        <version>0.19.10</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -14,7 +14,7 @@
         <dependency>
             <groupId>com.yubico</groupId>
             <artifactId>u2flib-server-core</artifactId>
-            <version>0.19.9</version>
+            <version>0.19.10</version>
         </dependency>
     </dependencies>
 

diff --git a/u2flib-server-attestation/src/main/java/com/yubico/u2f/attestation/MetadataObject.java b/u2flib-server-attestation/src/main/java/com/yubico/u2f/attestation/MetadataObject.java
@@ -9,7 +9,6 @@
 import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.base.MoreObjects;
-import com.google.common.base.Objects;
 import com.google.common.collect.ImmutableList;
 import com.yubico.u2f.data.messages.json.JsonSerializable;
 import com.yubico.u2f.exceptions.U2fBadInputException;
@@ -24,9 +23,9 @@
 public class MetadataObject extends JsonSerializable {
     private static final TypeReference<Map<String, String>> MAP_STRING_STRING_TYPE = new TypeReference<Map<String, String>>() {
     };
-    private static final TypeReference LIST_STRING_TYPE = new TypeReference<List<String>>() {
+    private static final TypeReference<List<String>> LIST_STRING_TYPE = new TypeReference<List<String>>() {
     };
-    private static final TypeReference LIST_JSONNODE_TYPE = new TypeReference<List<JsonNode>>() {
+    private static final TypeReference<List<JsonNode>> LIST_JSONNODE_TYPE = new TypeReference<List<JsonNode>>() {
     };
 
     private final transient JsonNode data;

diff --git a/u2flib-server-core/build.gradle b/u2flib-server-core/build.gradle
@@ -5,7 +5,7 @@ dependencies {
   compile(
     [group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version:'1.54'],
     [group: 'com.google.guava', name: 'guava', version:'19.0'],
-    [group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version:'2.9.10.3'],
+    [group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version:'2.11.0'],
   )
 
 }
diff --git a/u2flib-server-core/pom.xml b/u2flib-server-core/pom.xml
@@ -3,7 +3,7 @@
     <parent>
         <artifactId>u2flib-server-parent</artifactId>
         <groupId>com.yubico</groupId>
-        <version>0.19.9</version>
+        <version>0.19.10</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -24,7 +24,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.9.10.3</version>
+            <version>2.11.0</version>
         </dependency>
     </dependencies>
 </project>
diff --git a/u2flib-server-demo/pom.xml b/u2flib-server-demo/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>u2flib-server-parent</artifactId>
         <groupId>com.yubico</groupId>
-        <version>0.19.9</version>
+        <version>0.19.10</version>
     </parent>
     <artifactId>u2flib-server-demo</artifactId>
     <name>U2F demo</name>
@@ -14,12 +14,12 @@
         <dependency>
             <groupId>com.yubico</groupId>
             <artifactId>u2flib-server-core</artifactId>
-            <version>0.19.9</version>
+            <version>0.19.10</version>
         </dependency>
         <dependency>
             <groupId>com.yubico</groupId>
             <artifactId>u2flib-server-attestation</artifactId>
-            <version>0.19.9</version>
+            <version>0.19.10</version>
         </dependency>
         <dependency>
             <groupId>io.dropwizard</groupId>