Skip to content

[bot] Merge 26.3 to 26.7#1435

Merged
github-actions[bot] merged 2 commits into
release26.7-SNAPSHOTfrom
26.7_fb_bot_merge_26.3
Jul 7, 2026
Merged

[bot] Merge 26.3 to 26.7#1435
github-actions[bot] merged 2 commits into
release26.7-SNAPSHOTfrom
26.7_fb_bot_merge_26.3

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Generated automatically.
Merging changes from: fea3fdd
Approve all matching PRs simultaneously.
Approval will trigger automatic merge.
Verify all PRs before approving: https://internal.labkey.com/Scrumtime/Backlog/harvest-gitOpenPullRequests.view?branch=26.7_fb_bot_merge_26.3

labkey-martyp and others added 2 commits July 1, 2026 11:49
## Rationale

The 26.3 OWASP Dependency Check build flagged 18 findings: seven CVEs
(CVE-2026-54512 through CVE-2026-54518) against each of Jackson 2.x
(com.fasterxml.jackson.core:jackson-databind 2.21.0) and Jackson 3.x
(tools.jackson.core:jackson-databind 3.1.0), plus CVE-2026-53914 against
the transitive Kotlin jars.

## Related Pull Requests

None.

## Changes

- Bump Jackson 2.x (jacksonVersion, jacksonDatabindVersion,
jacksonJaxrsBaseVersion) to 2.21.4 and jackson3Version to 3.1.4.
- Suppress CVE-2026-53914 for the transitive Kotlin jars (not
applicable: LabKey compiles no Kotlin; the jars are transitive OkHttp
runtime deps).
@github-actions github-actions Bot merged commit 93a5d26 into release26.7-SNAPSHOT Jul 7, 2026
8 checks passed
@github-actions github-actions Bot deleted the 26.7_fb_bot_merge_26.3 branch July 7, 2026 15:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants