You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@beam.apache.org by "Anonymous (Jira)" <ji...@apache.org> on 2023/04/13 10:57:00 UTC
[jira] [Updated] (BEAM-7880) Upgrade Jackson databind to version 2.9.9.3
[ https://issues.apache.org/jira/browse/BEAM-7880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anonymous updated BEAM-7880:
----------------------------
Status: Triage Needed (was: Resolved)
> Upgrade Jackson databind to version 2.9.9.3
> -------------------------------------------
>
> Key: BEAM-7880
> URL: https://issues.apache.org/jira/browse/BEAM-7880
> Project: Beam
> Issue Type: Improvement
> Components: build-system, sdk-java-core
> Reporter: Ismaël Mejía
> Assignee: Ismaël Mejía
> Priority: P0
> Labels: Done
> Fix For: 2.15.0
>
> Time Spent: 3h 10m
> Remaining Estimate: 0h
>
> Jackson databind 2.9.9 and earlier versions have multiple CVEs:
> https://www.cvedetails.com/cve/CVE-2019-12814
> https://www.cvedetails.com/cve/CVE-2019-12384
> https://www.cvedetails.com/cve/CVE-2019-14379
> https://www.cvedetails.com/cve/CVE-2019-14439
--
This message was sent by Atlassian Jira
(v8.20.10#820010)