Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) (#4779) (#4781)

* Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) (#4779)

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>

Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
(cherry picked from commit 12f26d3)

* Update changelog

Signed-off-by: Kunal Kotwani <kkotwani@amazon.com>

Signed-off-by: Kunal Kotwani <kkotwani@amazon.com>
Co-authored-by: Andriy Redko <andriy.redko@aiven.io>

Author: kotwanikunal

CHANGELOG.md

@@ -22,7 +22,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Bumps `com.diffplug.spotless` from 6.9.1 to 6.10.0
 - Bumps `xmlbeans` from 5.1.0 to 5.1.1
 - Bumps `hadoop-hdfs` from 3.3.3 to 3.3.4
-
 ### Changed
 - Dependency updates (httpcore, mockito, slf4j, httpasyncclient, commons-codec) ([#4308](https://github.com/opensearch-project/OpenSearch/pull/4308))
 - Use RemoteSegmentStoreDirectory instead of RemoteDirectory ([#4240](https://github.com/opensearch-project/OpenSearch/pull/4240))
@@ -33,11 +32,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Load the deprecated master role in a dedicated method instead of in setAdditionalRoles() ([#4582](https://github.com/opensearch-project/OpenSearch/pull/4582))
 - Plugin ZIP publication groupId value is configurable ([#4156](https://github.com/opensearch-project/OpenSearch/pull/4156))
 - Further simplification of the ZIP publication implementation ([#4360](https://github.com/opensearch-project/OpenSearch/pull/4360))
-
 ### Deprecated
-
 ### Removed
-
 ### Fixed
 - `opensearch-service.bat start` and `opensearch-service.bat manager` failing to run ([#4289](https://github.com/opensearch-project/OpenSearch/pull/4289))
 - PR reference to checkout code for changelog verifier ([#4296](https://github.com/opensearch-project/OpenSearch/pull/4296))
@@ -64,7 +60,6 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ### Security
 - CVE-2022-25857 org.yaml:snakeyaml DOS vulnerability ([#4341](https://github.com/opensearch-project/OpenSearch/pull/4341))
-
 ## [2.x]
 ### Added
 - Github workflow for changelog verification ([#4085](https://github.com/opensearch-project/OpenSearch/pull/4085))
@@ -79,14 +74,12 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - Add BWC version 1.3.7 ([#4709](https://github.com/opensearch-project/OpenSearch/pull/4709))
 - Bump `jettison` from 1.4.1 to 1.5.1 ([#4717](https://github.com/opensearch-project/OpenSearch/pull/4717))
 - Set analyzer to regex query string search ([4219](https://github.com/opensearch-project/OpenSearch/pull/4219))
-
+### Dependencies
+- Update Jackson Databind to 2.13.4.2 (addressing CVE-2022-42003) ([#4781](https://github.com/opensearch-project/OpenSearch/pull/4781))
 ### Changed
-
 ### Deprecated
-
 ### Removed
 - Remove RepositoryData.MIN_VERSION support for next major release ([4729](https://github.com/opensearch-project/OpenSearch/pull/4729))
-
 ### Fixed
 - PR reference to checkout code for changelog verifier ([#4296](https://github.com/opensearch-project/OpenSearch/pull/4296))
 - Restore using the class ClusterInfoRequest and ClusterInfoRequestBuilder from package 'org.opensearch.action.support.master.info' for subclasses ([#4324](https://github.com/opensearch-project/OpenSearch/pull/4324))
@@ -99,9 +92,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [Segment Replication] Fix timeout issue by calculating time needed to process getSegmentFiles ([#4434](https://github.com/opensearch-project/OpenSearch/pull/4434))
 - [Segment Replication] Update replicas to commit SegmentInfos instead of relying on segments_N from primary shards ([#4450](https://github.com/opensearch-project/OpenSearch/pull/4450))
 - [Segment Replication] Adding check to make sure checkpoint is not processed when a shard's shard routing is primary ([#4716](https://github.com/opensearch-project/OpenSearch/pull/4716))
-
 ### Security
 
-
 [Unreleased]: https://github.com/opensearch-project/OpenSearch/compare/2.2.0...HEAD
 [2.x]: https://github.com/opensearch-project/OpenSearch/compare/2.2.0...2.x

buildSrc/version.properties

@@ -10,7 +10,7 @@ bundled_jdk = 17.0.4+8
 spatial4j         = 0.7
 jts               = 1.15.0
 jackson           = 2.13.4
-jackson_databind  = 2.13.4
+jackson_databind  = 2.13.4.2
 snakeyaml         = 1.32
 icu4j             = 70.1
 supercsv          = 2.4.0

distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

distribution/tools/upgrade-cli/licenses/jackson-databind-2.13.4.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

modules/ingest-geoip/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

modules/ingest-geoip/licenses/jackson-databind-2.13.4.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

plugins/discovery-ec2/licenses/jackson-databind-2.13.4.2.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585

plugins/discovery-ec2/licenses/jackson-databind-2.13.4.jar.sha1

@@ -0,0 +1 @@
+325c06bdfeb628cfb80ebaaf1a26cc1eb558a585