Update dependency org.glassfish.jersey.media:jersey-media-json-jackson to v2.41

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.glassfish.jersey.media:jersey-media-json-jackson (source)	compile	minor	2.27 -> 2.41

By merging this PR, the issue #3 will be automatically resolved and closed:

Severity	CVSS Score	CVE
Critical	10.0	CVE-2018-14721
Critical	9.8	CVE-2017-17485
Critical	9.8	CVE-2018-11307
Critical	9.8	CVE-2018-14718
Critical	9.8	CVE-2018-14719
Critical	9.8	CVE-2018-14720
Critical	9.8	CVE-2018-19360
Critical	9.8	CVE-2018-19361
Critical	9.8	CVE-2018-19362
Critical	9.8	CVE-2018-7489
Critical	9.8	CVE-2019-10202
Critical	9.8	CVE-2019-14379
Critical	9.8	CVE-2019-14540
Critical	9.8	CVE-2019-14892
Critical	9.8	CVE-2019-14893
Critical	9.8	CVE-2019-16335
Critical	9.8	CVE-2019-16942
Critical	9.8	CVE-2019-16943
Critical	9.8	CVE-2019-17267
Critical	9.8	CVE-2019-17531
Critical	9.8	CVE-2019-20330
Critical	9.8	CVE-2020-8840
Critical	9.8	CVE-2020-9546
Critical	9.8	CVE-2020-9547
Critical	9.8	CVE-2020-9548
High	8.8	CVE-2020-10672
High	8.8	CVE-2020-10673
High	8.8	CVE-2020-10968
High	8.8	CVE-2020-10969
High	8.8	CVE-2020-11111
High	8.8	CVE-2020-11112
High	8.8	CVE-2020-11113
High	8.1	CVE-2018-5968
High	8.1	CVE-2020-10650
High	8.1	CVE-2020-11619
High	8.1	CVE-2020-11620
High	8.1	CVE-2020-14060
High	8.1	CVE-2020-14061
High	8.1	CVE-2020-14062
High	8.1	CVE-2020-14195
High	8.1	CVE-2020-24616
High	8.1	CVE-2020-24750
High	8.1	CVE-2020-36179
High	8.1	CVE-2020-36180
High	8.1	CVE-2020-36181
High	8.1	CVE-2020-36182
High	8.1	CVE-2020-36183
High	8.1	CVE-2020-36184
High	8.1	CVE-2020-36185
High	8.1	CVE-2020-36186
High	8.1	CVE-2020-36187
High	8.1	CVE-2020-36188
High	8.1	CVE-2020-36189
High	8.1	CVE-2021-20190
High	7.5	CVE-2018-12022
High	7.5	CVE-2018-12023
High	7.5	CVE-2019-12086
High	7.5	CVE-2019-14439
High	7.5	CVE-2020-36518
High	7.5	CVE-2022-42003
High	7.5	CVE-2022-42004
High	7.5	WS-2022-0468
Medium	5.9	CVE-2019-12384
Medium	5.9	CVE-2019-12814

---

Release Notes

eclipse-ee4j/jersey (org.glassfish.jersey.media:jersey-media-json-jackson)

v2.41

Compare Source

[Pull 5294] - HTTP/2 for Jetty connector

[Pull 5296] - HTTP/2 for Jetty container

[Pull 5350] - Using Java7+ NIO API for improved performance

[Pull 5359] - Race condition

[Pull 5364] - Save time by not inspecting configuration for property when in PropertiesDelegate

[Pull 5365] - Update war.plugin to work with jdk 21

[Pull 5373] - Issue #​3493 - backport BeanParams support from 3.x

[Pull 5378] - GraalVM 20.0.1 adaptation

[Pull 5379] - RFC 6570 implementation

[Pull 5387] - Encode curly brackets in proxy client

[Pull 5390] - update license check plugin to the latest released version

[Pull 5391] - Added jersey-micrometer module

[Pull 5392] - Fix nio failures on Windows

[Pull 5393] - Deprecate duplicated methods and fields in MBR/MBW

[Pull 5394] - Allowing using SSLContext supplier per request by the NettyConnector

[Pull 5405] - Prevent Class Cast Exception in cases where two classloaders handle t…

[Pull 5410] - Jetty HTTP2 modules added to the bom/pom.xml

[Pull 5412] - Netty Expect:100-continue feature support

[Pull 5417] - Fix normalizing URIs with percent encoded symbols

[Pull 5418] - ApiDocs fixes

[Pull 5423] - Filter headers for netty HTTP redirect and CONNECT requests

[Pull 5424] - Fix Jackson 15 -> Jackson 2.15

[Pull 5426] - Propagate back-pressure correctly in MP REST Client SSE publisher

[Pull 5427] - UserGuide and example extended for Micrometer integration

[Pull 5431] - Expect:100-continue fixes for Netty

[Pull 5432] - Decode extended filename in multipart content-disposition

[Pull 5435] - Fixing servlet ResponseWriter#writeResponseStatusAndHeaders for error states

[Pull 5436] - Support multipart by Jetty & Netty

[Pull 5440] - Adopt ASM 9.6

[Pull 5442] - Review Netty Connector

[Pull 5443] - proper way of removing a handler (Netty Connector, Expect100ContinueHandler)

[Pull 5444] - ApiDocs bundle fix

[Pull 5445] - Fix query param in UriBuilder

v2.40

Compare Source

[Pull 5298] - Do not encode slash in templates in MP RestClient

[Pull 5299] - Do not completely swallow the cdi exception on error

[Pull 5305] - Adopt ASM 9.5

[Pull 5306] - Support NettyConnector & RequestEntityProcessing.BUFFERED

[Pull 5310] - Better support inheritance in Resource Methods

[Pull 5311] - Changes to InterceptorInvocationContext related to the integration with Helidon

[Pull 5319] - Additional logging for SNI

[Pull 5320] - Guard list of headers for modifications

[Pull 5324] - Handle equals and hashCode on MicroProfile client proxies

[Pull 5326] - Return null instead of throwing exception when querystring parameter is missing

[Pull 5330] - Fix possible NPE in netty client

[Pull 5331] - allow for resource methods to return

[Pull 5335] - Redirect GuardianList#toString to original toString

[Pull 5345] - Allow for setting connector provider via properties

[Pull 5348] - dependencies update

[Pull 5349] - Parametrize ParamConverters to allow throwing IAE

v2.39.1

Compare Source

[Issue 5275] - Compatibility with RestEasy

[Issue 5276] - JettyConnectorProvider does not support JerseyClientBuilder.hostnameVerifier()?

[Pull 5270] - allow custom Content-Length for HEAD method

[Pull 5277] - Updated archetypes and created a test to keep archetype versions up-to-date

[Pull 5278] - Hostname verifier for the Jetty connector

[Pull 5282] - Get media type fix

[Pull 5284] - Support 3rd party instantiators working with @​Context only

v2.39

Compare Source

[Issue 5199] - Apache 5 Proxy Issue

[Issue 5221] - Typo in documentation

[Issue 5225] - CVE for dependency jackson-databind

[Issue 5226] - jersey-media-multipart depends on JUnit - regression

[Pull 5219] - Bundles related adjustments

[Pull 5222] - Typo fix in User Guide

[Pull 5229] - scope fix for JUnit dependency

[Pull 5230] - Jackson version update to 2.14.1

[Pull 5232] - Optional Injection-less client side for SE

[Pull 5241] - Add SNI Support based on Host header

[Pull 5250] - Update to NOTICE files & test

[Pull 5251] - Use useSystemProperties with Apache connectors

[Pull 5256] - Jersey Microprofile RestClient - NullPointerException when a optional…

[Pull 5261] - Warn only when ASM is not capable of handling java classes instead of…

v2.38

Compare Source

[Issue 3383] - jersey-container-jdk-http ignores host and always binds to wildcard address

[Issue 5156] - Question: how to change the configuration of ResourceConfig at runtime?

[Issue 5189] - Exception in Jersey Jetty handler's Host header parsing bubbles up to the top

[Pull 5115] - Dependencies versions update (master)

[Pull 5123] - JUnit bump 4 -> 5

[Pull 5129] - verify license via GitHub actions

[Pull 5136] - Release test: check the staged artifacts are valid

[Pull 5161] - Fix Container#reload

[Pull 5163] - Update JdkHttpServerFactory.java

[Pull 5165] - warn less (just once for all clients) about missing providers

[Pull 5174] - Adopt ASM 9.4

[Pull 5175] - Remove Guava under version 24

[Pull 5178] - Better @​Inject support. For servlet classes, a qualifier is used.

[Pull 5185] - add dependencyConvergence rule to the maven-enforcer-plugin

[Pull 5186] - CI timeout extended to 30 HOURS

[Pull 5191] - Exception in Jersey Jetty handler's Host header parsing bubbles up to the top

[Pull 5194] - Fix optionals when empty

[Pull 5195] - Call tearDown to prevent Address already in use

[Pull 5198] - SSLHandshake No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

[Pull 5201] - bump Eclipse's parent pom to 1.0.8

[Pull 5205] - Add caching and improve performance

[Pull 5206] - Use Java 11 InputStream::readAllBytes to read String entities

[Pull 5207] - Fix alignment in the doc

[Pull 5208] - Fix FORM_PARAM_CONSUMED warning

[Pull 5211] - Store InvocationBuilderListenerStage into Runtime not to look up

[Pull 5212] - faster RuntimeType.toLowerCase in PropertiesHelper

v2.37

Compare Source

[Pull 5090] - Support GSON media

[Pull 5091] - Support ClientProperties.PROXY_URI & al in HttpUrlConnector

[Pull 5095] - Move Proxy parsing logic from connectors to a common class

[Pull 5101] - [grizzly] Expose `start` argument while providing `parentContext`

[Pull 5105] - Support CompletionStage

[Pull 5109] - Abort JettyRequest when the response Future is completed exceptionally

[Pull 5111] - FISH-5723 Fixes WebappClassloader memory-leak issue by removing JAXRS…

[Pull 5114] - Change JettyConnector 'readTimeout' behavior to match socket read tim…

[Pull 5122] - Fix OSGi headers for CDI & MP Jersey modules to be compatible with EE8

[Pull 5124] - Support JDK19

[Pull 5127] - Eclipse Dash license check profile

[Pull 5132] - Mark jaxrs-ri bundle as multi-release

[Pull 5137] - Fix test issues

[Pull 5139] - Additional OSGi headers

[Pull 5145] - Updated JettyClientProperties#TOTAL_TIMEOUT related documentation.

v2.36

Compare Source

[Issue 4781] - Bug Report: CDI tries to instantiate interface (Jersey 2.30)

[Issue 4851] - NettyConnectorProvider (jersey-netty-connector) is throwing an exception with inactive_pooled_connection_handler error

[Issue 4897] - Add support for Apache HTTP Client 5.x

[Issue 4978] - Netty Connector proxy handler to support JDK's options

[Issue 5014] - Redact HTTP headers on LoggingFeature

[Issue 5036] - ClassCastException if loaded by different class loaders in OSGi runtime

[Issue 5052] - Make JacksonFeature configurable

[Pull 4812] - Remove com.sun.org.apache.xml.internal

[Pull 4847] - Bug Report: CDI tries to instantiate interface (Jersey 2.30)

[Pull 4854] - NettyConnectorProvider (jersey-netty-connector) is throwing an except…

[Pull 4886] - Update Directory Maven Plugin to work with maven 3.8.x

[Pull 4887] - modulelist maven plugin refactoring

[Pull 4918] - Better handling of MicroProfile Rest Client Proxies

[Pull 4924] - Refactor processResponseError in ServerRuntime

[Pull 4928] - Adopt Jackson 2.13

[Pull 4933] - Replace usage of deprecated beanManager.createInjectionTarget

[Pull 4939] - Prevent loading Feature/DynamicFeature services multiple times.

[Pull 4948] - Add OSGi headers to MP Config module

[Pull 4950] - Apache httpclient 5

[Pull 4954] - Cache a lazy reference to OSGi registry instance

[Pull 4957] - Fix OSGi tests on JDK 17

[Pull 4962] - convert Long,long,Integer,int values to Long/Integer types

[Pull 4967] - extended condition not to add the content-length header negative

[Pull 4968] - Enable percent encoding servlet context path and servlet path

[Pull 4969] - Exclude unix protocols from request processing in closing strategy

[Pull 4972] - fix broken license url for asm objectweb

[Pull 4975] - Fix broken license url for asm objectweb for core-server

[Pull 4980] - Remove innate packages from javadoc documentation

[Pull 4982] - Allow for passing in additional property files to configure additional configs

[Pull 5003] - Fix logging delimiter parameterization

[Pull 5007] - Fix regression on LoggingFeature's max entity size

[Pull 5010] - honor @​Vetoed on a bean

[Pull 5018] - Update Xerces to prevent CVEs

[Pull 5024] - Fixed NullpointerException when getting methodtree

[Pull 5025] - Redact HTTP headers on LoggingFeature

[Pull 5028] - Enhancement for docprocessor

[Pull 5032] - Adopt spring 5.3.18

[Pull 5034] - Update Netty to 4.1.75

[Pull 5035] - Blocked thread if WebApplicationException is reused. #​4097

[Pull 5038] - reduce usage of Guava

[Pull 5039] - Release MessageBodyWorkers when Response gets closed.

[Pull 5041] - Adopt ASM 9.3

[Pull 5044] - Do not trim stacktrace in case of an exception

[Pull 5046] - Support null PROXY_USERNAME

[Pull 5048] - Netty Connector doesn't support Followredirects

[Pull 5051] - For OSGi services lookup use only classes assignable from service class

[Pull 5055] - Updated documentation and javadoc for Connectors

[Pull 5059] - Add Apache 5 connector to client tests

[Pull 5060] - Update hamcrest to the latest

[Pull 5068] - Prevent LoggingFeature timeout on context#hasEntity for HEADERS_ONLY

[Pull 5070] - Remove Spring 4 from Bom pom

[Pull 5071] - Update Netty proxy settings

[Pull 5074] - Make JacksonFeature configurable

[Pull 5076] - Update Jackson to 2.13.3

[Pull 5078] - Dependencies versions update

v2.35

Compare Source

[Issue 4742] - Connection timeout the double of what is configured

[Issue 4748] - Exception in Jersey Jetty handler's URL parsing bubbles up to the top

[Issue 4773] - NullPointerException in HeaderUtils.getPreferredCookie

[Pull 4779] - Enable to use @​Context in constructors of classes instantiated by CDI

[Pull 4783] - Support more optionals

[Pull 4784] - Bump commons-io from 2.2 to 2.7 in /test-framework/maven/custom-enforcer-rules

[Pull 4785] - JDK16 Support

[Pull 4789] - Make @​Singleton to be singleton with CDI integration

[Pull 4792] - Update groovy to work with jdk17

[Pull 4795] - Fix issue NullPointerException in HeaderUtils.getPreferredCookie #​4773

[Pull 4799] - Support custom parameter types with `Optional`

[Pull 4800] - Helloworld example extendned by GraalVM native-image generation

[Pull 4802] - User Guide: GraalVM/native-image chapter

[Pull 4803] - GraalVM native-image jersey-client module

[Pull 4809] - handle URISyntaxException in JettyHttpContainer

[Pull 4811] - Connection timeout the double of what is configured

[Pull 4816] - CI env for Jenkins

[Pull 4820] - CI env for Jenkins

[Pull 4821] - Jdk connector dead lock

[Pull 4822] - New CDI based EE injection manager incubating implementation.

[Pull 4823] - Issue4810

[Pull 4824] - JerseyTest is not compatible with JUnit 5

[Pull 4829] - ParamConverters cleanup

[Pull 4832] - Bump ant from 1.10.9 to 1.10.11

[Pull 4833] - Allow Feature and Dynamic feature as a JDK services

[Pull 4835] - Prevent NoSuchMethodError when used MP Rest Client 1.4 API & CDI

[Pull 4836] - Updated ASM to 9.2

[Pull 4837] - add possibility to use entity with http method Options in requests according to the RFC 7231

[Pull 4845] - Cache Application#getSingletons not be called twice

[Pull 4846] - Updated versions in 2.x

[Pull 4848] - System properties config for TimeWindowStatisticsImplTest

v2.34

Compare Source

[Issue 4646] - Jetty connector client response buffer is hard limited to 2MB

[Issue 4649] - SseEventSource cannot see the JAXRS_DEFAULT_SSE_BUILDER in OSGI

[Issue 4651] - Add a ParamConverterProvider for java.util.Optional parameters

[Issue 4654] - MicroProfile Rest Client 2.0 support

[Issue 4665] - Hk2RequestScope.Instance logger is not static

[Issue 4678] - JdkConnectorProvider cannot parse Set-cookie header value when expires attribute is present

[Issue 4683] - Setting ExecutorService causes connection leak

[Issue 4694] - NettyConnector fixups

[Issue 4717] - Add tests for newly updated Jersey classes by RestClient

[Issue 4722] - Jersey 3.0.1 no longer defaults to */* consumes

[Issue 4723] - Jackson module auto-discovery sets Jaxb Annotation Introspector as primary

[Issue 4734] - Print request/response logs in a single line

[Pull 4618] - Groovy jdk 16

[Pull 4639] - Chapter for Expect:100-continue header (client)

[Pull 4647] - Add support RFC 5987 for attribute filename* in HTTP header Content-Disposition

[Pull 4662] - #​4658 Apache HttpComponents upgrade

[Pull 4675] - Make logger static into Hk2RequestScope.Instance class

[Pull 4677] - Jetty synchronous max buffer size property

[Pull 4680] - 2.x apidocs bundle generation fixes

[Pull 4681] - JdkConnectorProvider cannot parse Set-cookie header value when expires

[Pull 4682] - Public SseEventSourceBuilder implementation

[Pull 4684] - Add a ParamConverterProvider for array support

[Pull 4690] - Add a ParamConverterProvider for java.util.Optional parameters

[Pull 4695] - Allow for having CDI on pure Jersey Client without Jersey Server

[Pull 4697] - Stop filling monitoring queues when processor fails

[Pull 4699] - MicroProfile Rest Client 2.0 support

[Pull 4704] - Updated javadoc maven plugin API link

[Pull 4705] - Do not create a connector multiple times for each rx() call

[Pull 4707] - Configurable COLLISION_BUFFER_POWER

[Pull 4710] - Adjusting Jersey archetypes

[Pull 4712] - switching to NIO tmp file creation approach

[Pull 4714] - update maven-antrun-plugin to 3.0.0

[Pull 4716] - Custom schedulers to execute @​PreDestroy methods

[Pull 4720] - Updating ant to 1.10.9 for antrun plugin

[Pull 4724] - Rest client 2.0 updates

[Pull 4728] - Add a wildcard @​Produces and @​Consumes...

[Pull 4729] - Empty/NULL properties handling

[Pull 4731] - processing order for Jackson/Jaxb annotations

[Pull 4732] - adjusting examples to be run with optional JAXB

[Pull 4745] - Logging delimiter parametrized

[Pull 4749] - Allow to use @​Inject instead of @​Context with CDI

[Pull 4753] - Proper handling of chunked input streams in LoggingInterceptor

[Pull 4754] - Adopt ASM 9.1 to support JDK 17

[Pull 4758] - Adopted Jackson 2.12.2. No change in repackaged Jackson.

[Pull 4762] - Replace null Configuration in ContainerRequest with an empty instance

[Pull 4764] - Lazy synchronized SSL Context initialization in the HttpUrlConnector

[Pull 4766] - Add a default Enum MB provider.

[Pull 4769] - Updated properties for netty connection pooling

[Pull 4770] - Javadoc for non-public classes (cdi-rs-inject)

v2.33

Compare Source

[Pull 4566] - Fix custom SSLSocketFactory not being set because of an unsafe lazy-initialization in JDK

[Pull 4573] - Support for SSL Configuration within JerseyTest

[Pull 4593] - Rest client inbound headers provider added

[Pull 4605] - Bump junit from 4.12 to 4.13.1

[Pull 4611] - Create PropertiesClass for external properties (http.proxyHost, http.proxyPort, http.nonProxyHosts)

[Pull 4612] - Adopt Jackson 2.11.3

[Pull 4613] - HttpUrlConnector extension

[Pull 4614] - NettyConnector connection close

[Pull 4615] - Allow for org.glassfish.jersey.servlet.ServletContainer in web.xml

[Pull 4623] - full clear of NettyInputStream

[Pull 4634] - Make JAX-B API optional

[Pull 4641] - Support for new property to ignore responses in exceptions thrown by the Client API

[Pull 4643] - Enable CompletionStage unwrap in MBW

[Pull 4648] - Keep ordering of classes and instances retrieved from ComponentBag

[Pull 4663] - Modify OSGi Jackson requirement to be compatible with GF 5.1

v2.32

Compare Source

[Issue 4462] - InvocationInterceptors only used once when registered on a Client.

[Issue 4493] - ChunkedOutput race condition

[Issue 4500] - JerseyEventSink shouln't throw exceptions in Flow.Subscriber methods

[Issue 4501] - SSE Endpoint should be able to inject Flow.Subscriber

[Issue 4507] - Intermittent HK2 ServiceLocatorImpl has been shut down

[Issue 4522] - org.glassfish.jersey.logging.LoggingInterceptor.LoggingStream does not override write(byte[] b, int off, int len)

[Issue 4533] - “NoSuchMethodErrors” due to multiple versions of org.apache.maven:maven-artifact:jar

[Issue 4536] - Missing Expect header and 100-continue handling in Jersey Client

[Issue 4538] - Features are executed in random order

[Issue 4542] - Loose dependency in CompositeInjectingConstraintValidatorFactory

[Issue 4548] - Netty connector timeouts are not heeded

[Pull 4485] - Note the subscription to email list and Twitter link in Readme

[Pull 4498] - Fix resources in containers

[Pull 4502] - Added Documentation for JSON-B support

[Pull 4503] - SSE Flow.Subscriber injectable as event sink

[Pull 4506] - Clean unused dependencies

[Pull 4508] - Fix intermittent premature ClientRuntime finalization

[Pull 4511] - Fixed HK2 AbstractActiveDescriptor Test

[Pull 4512] - project-info plugin configuration

[Pull 4514] - Implemented ClientBuilderListener

[Pull 4520] - Test Gzip + JSP

[Pull 4523] - Response.hasEntity to return true if buffered after readEntity

[Pull 4525] - Allow concurrent Exception to be unwrapped for the ExceptionMapper

[Pull 4526] - Regexp on MP RestClient @​Path

[Pull 4528] - Support TLSv1.3

[Pull 4531] - Fix #​4522 - override write method in LoggingStream

[Pull 4540] - Allow for specifying Feature processing order

[Pull 4541] - Make Kryo use setRegistrationRequired(true) by default

[Pull 4543] - Rest client update to version 1.4.1

[Pull 4559] - Updating maven-javadoc-pugin to 3.2.0

[Pull 4561] - JAX-RS link fixes (new apidocs location)

[Pull 4567] - updateing dependencies for jersey-doc-modulelist-maven-plugin

[Pull 4569] - Use Helidon Connector from Helidon

[Pull 4571] - Prevent race condition in ChunkedOutput

[Pull 4574] - Fix issue with optional CDI in BV module

[Pull 4576] - Expect:100-Continue header handling

[Pull 4577] - RestClientListener call switched

[Pull 4578] - TimeOut property for Netty Connector

[Pull 4579] - attributeValue NPE handling

[Pull 4580] - Put Helidon Properties file back

[Pull 4581] - Support Apache HttpEntity as an entity type when using Apache Connector

[Pull 4582] - Add Helidon module to bom pom and remove Jackson 1

v2.31

Compare Source

[Issue 4362] - Upgrade Hibernate Validator to 6.1.0.Final

[Issue 4458] - ApacheConnector force the useSystemProperties flag to false

[Pull 4375] - Fixed #​3801 - inject cdi into custom validator

[Pull 4414] - Use standard pom.xml structure in tests/integration/microprofile

[Pull 4415] - Use request scope ClientProperties.READ_TIMEOUT in Jetty && Netty<