Upgraded jackson-databind lib to remove sec vulnerabilities. (#271)

* Upgraded jackson-databind lib to remove sec vulnerabilities.

Author: marcin-cebo

.pubnub.yml

@@ -1,9 +1,9 @@
 name: java
-version: 6.3.2
+version: 6.3.3
 schema: 1
 scm: github.com/pubnub/java
 files:
-  - build/libs/pubnub-gson-6.3.2-all.jar
+  - build/libs/pubnub-gson-6.3.3-all.jar
 sdks:
   - 
       type: library
@@ -23,8 +23,8 @@ sdks:
             -
               distribution-type: library
               distribution-repository: GitHub
-              package-name: pubnub-gson-6.3.2
-              location: https://github.com/pubnub/java/releases/download/v6.3.2/pubnub-gson-6.3.2-all.jar
+              package-name: pubnub-gson-6.3.3
+              location: https://github.com/pubnub/java/releases/download/v6.3.3/pubnub-gson-6.3.3-all.jar
               supported-platforms:
                 supported-operating-systems:
                   Android:
@@ -135,8 +135,8 @@ sdks:
             -
               distribution-type: library
               distribution-repository: maven 
-              package-name: pubnub-gson-6.3.2
-              location: https://repo.maven.apache.org/maven2/com/pubnub/pubnub-gson/6.3.2/pubnub-gson-6.3.2.jar
+              package-name: pubnub-gson-6.3.3
+              location: https://repo.maven.apache.org/maven2/com/pubnub/pubnub-gson/6.3.3/pubnub-gson-6.3.3.jar
               supported-platforms:
                 supported-operating-systems:
                   Android:
@@ -234,6 +234,11 @@ sdks:
                   is-required: Required
 
 changelog:
+  - date: 2023-03-06
+    version: v6.3.3
+    changes:
+      - type: bug
+        text: "Upgraded jackson-databind lib to remove security vulnerabilities."
   - date: 2023-02-23
     version: v6.3.2
     changes:

CHANGELOG.md

@@ -1,3 +1,9 @@
+## v6.3.3
+March 06 2023
+
+#### Fixed
+- Upgraded jackson-databind lib to remove security vulnerabilities.
+
 ## v6.3.2
 February 23 2023
 

README.md

@@ -22,13 +22,13 @@ You will need the publish and subscribe keys to authenticate your app. Get your
      <dependency>
        <groupId>com.pubnub</groupId>
        <artifactId>pubnub-gson</artifactId>
-       <version>6.3.2</version>
+       <version>6.3.3</version>
      </dependency>
      ```
 
    * for Gradle, add the following dependency in your `gradle.build`:
      ```groovy
-     implementation 'com.pubnub:pubnub-gson:6.3.2'
+     implementation 'com.pubnub:pubnub-gson:6.3.3'
      ```
 
 2. Configure your keys:

build.gradle

@@ -10,7 +10,7 @@ plugins {
 }
 group = 'com.pubnub'
 
-version = '6.3.2'
+version = '6.3.3'
 
 description = """"""
 
@@ -56,8 +56,8 @@ dependencies {
     implementation group: 'com.squareup.retrofit2', name: 'converter-gson', version: '2.6.2'
 
     // cbor
-    implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.3'
-    implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.13.3'
+    implementation 'com.fasterxml.jackson.core:jackson-databind:2.14.2'
+    implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.14.2'
 
     implementation 'org.jetbrains:annotations:23.0.0'
 

gradle.properties

@@ -3,7 +3,7 @@ SONATYPE_HOST=DEFAULT
 SONATYPE_AUTOMATIC_RELEASE=true
 GROUP=com.pubnub
 POM_ARTIFACT_ID=pubnub-gson
-VERSION_NAME=6.3.2
+VERSION_NAME=6.3.3
 POM_PACKAGING=jar
 
 POM_NAME=PubNub Java SDK

src/main/java/com/pubnub/api/PubNub.java

@@ -105,7 +105,7 @@ public class PubNub {
     private static final int TIMESTAMP_DIVIDER = 1000;
     private static final int MAX_SEQUENCE = 65535;
 
-    private static final String SDK_VERSION = "6.3.2";
+    private static final String SDK_VERSION = "6.3.3";
     private final ListenerManager listenerManager;
     private final StateManager stateManager;
 

src/test/java/com/pubnub/api/PubNubTest.java

@@ -100,7 +100,7 @@ public void getVersionAndTimeStamp() {
         pubnub = new PubNub(pnConfiguration);
         String version = pubnub.getVersion();
         int timeStamp = pubnub.getTimestamp();
-        Assert.assertEquals("6.3.2", version);
+        Assert.assertEquals("6.3.3", version);
         Assert.assertTrue(timeStamp > 0);
     }