From 5bceeb2f28e49dc5df31eb05fecdb1a035fd5e8e Mon Sep 17 00:00:00 2001 From: Tatu Saloranta Date: Mon, 5 Apr 2021 16:17:44 -0700 Subject: [PATCH] Update Woodstox to 6.2.5, resolved #463 and #465 --- pom.xml | 2 +- release-notes/CREDITS-2.x | 8 ++++++++ release-notes/VERSION-2.x | 4 ++++ .../xml/{failing => fuzz}/Fuzz463_32872_XmlDeclTest.java | 2 +- .../{failing => fuzz}/Fuzz465_32906_CDataReadTest.java | 2 +- 5 files changed, 15 insertions(+), 3 deletions(-) rename src/test/java/com/fasterxml/jackson/dataformat/xml/{failing => fuzz}/Fuzz463_32872_XmlDeclTest.java (94%) rename src/test/java/com/fasterxml/jackson/dataformat/xml/{failing => fuzz}/Fuzz465_32906_CDataReadTest.java (92%) diff --git a/pom.xml b/pom.xml index 5786916e0..9f0365bcd 100644 --- a/pom.xml +++ b/pom.xml @@ -86,7 +86,7 @@ alternative support for serializing POJOs as XML and deserializing XML as pojos. com.fasterxml.woodstox woodstox-core - 6.2.4 + 6.2.5 javax.xml.stream diff --git a/release-notes/CREDITS-2.x b/release-notes/CREDITS-2.x index ddd71bbcc..fd67479b8 100644 --- a/release-notes/CREDITS-2.x +++ b/release-notes/CREDITS-2.x @@ -155,3 +155,11 @@ Westin Miller (westinrm@github) * Contributed #456: Fix JsonAlias with unwrapped lists (2.12.3) + +Fabian Meumertzheim (fmeum@github) + +* Reported #463: NPE via boundary condition, document with only XML declaration + (2.13.0) +* Reported #465: ArrayIndexOutOfBoundsException in UTF8Reader (ossfuzz) + (2.13.0) + diff --git a/release-notes/VERSION-2.x b/release-notes/VERSION-2.x index 6b741acfd..f640527b1 100644 --- a/release-notes/VERSION-2.x +++ b/release-notes/VERSION-2.x @@ -10,6 +10,10 @@ Project: jackson-dataformat-xml (reported by richardsonwk@github) #462: Remove `jackson-module-jaxb-annotations` runtime dependency (leave as a test dep) +#463: NPE via boundary condition, document with only XML declaration + (reported by Fabian M) +#465: ArrayIndexOutOfBoundsException in UTF8Reader (ossfuzz) + (reported by Fabian M) 2.12.3 (not yet released) diff --git a/src/test/java/com/fasterxml/jackson/dataformat/xml/failing/Fuzz463_32872_XmlDeclTest.java b/src/test/java/com/fasterxml/jackson/dataformat/xml/fuzz/Fuzz463_32872_XmlDeclTest.java similarity index 94% rename from src/test/java/com/fasterxml/jackson/dataformat/xml/failing/Fuzz463_32872_XmlDeclTest.java rename to src/test/java/com/fasterxml/jackson/dataformat/xml/fuzz/Fuzz463_32872_XmlDeclTest.java index 4240d8711..c88f50a92 100644 --- a/src/test/java/com/fasterxml/jackson/dataformat/xml/failing/Fuzz463_32872_XmlDeclTest.java +++ b/src/test/java/com/fasterxml/jackson/dataformat/xml/fuzz/Fuzz463_32872_XmlDeclTest.java @@ -1,4 +1,4 @@ -package com.fasterxml.jackson.dataformat.xml.failing; +package com.fasterxml.jackson.dataformat.xml.fuzz; import java.nio.charset.StandardCharsets; diff --git a/src/test/java/com/fasterxml/jackson/dataformat/xml/failing/Fuzz465_32906_CDataReadTest.java b/src/test/java/com/fasterxml/jackson/dataformat/xml/fuzz/Fuzz465_32906_CDataReadTest.java similarity index 92% rename from src/test/java/com/fasterxml/jackson/dataformat/xml/failing/Fuzz465_32906_CDataReadTest.java rename to src/test/java/com/fasterxml/jackson/dataformat/xml/fuzz/Fuzz465_32906_CDataReadTest.java index 38b08ba4e..82250565c 100644 --- a/src/test/java/com/fasterxml/jackson/dataformat/xml/failing/Fuzz465_32906_CDataReadTest.java +++ b/src/test/java/com/fasterxml/jackson/dataformat/xml/fuzz/Fuzz465_32906_CDataReadTest.java @@ -1,4 +1,4 @@ -package com.fasterxml.jackson.dataformat.xml.failing; +package com.fasterxml.jackson.dataformat.xml.fuzz; import com.fasterxml.jackson.core.exc.StreamReadException; import com.fasterxml.jackson.databind.JsonNode;