You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@beam.apache.org by "Anonymous (Jira)" <ji...@apache.org> on 2023/04/13 10:57:00 UTC

[jira] [Updated] (BEAM-7880) Upgrade Jackson databind to version 2.9.9.3

     [ https://issues.apache.org/jira/browse/BEAM-7880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anonymous updated BEAM-7880:
----------------------------
    Status: Triage Needed  (was: Resolved)

> Upgrade Jackson databind to version 2.9.9.3
> -------------------------------------------
>
>                 Key: BEAM-7880
>                 URL: https://issues.apache.org/jira/browse/BEAM-7880
>             Project: Beam
>          Issue Type: Improvement
>          Components: build-system, sdk-java-core
>            Reporter: Ismaël Mejía
>            Assignee: Ismaël Mejía
>            Priority: P0
>              Labels: Done
>             Fix For: 2.15.0
>
>          Time Spent: 3h 10m
>  Remaining Estimate: 0h
>
> Jackson databind 2.9.9 and earlier versions have multiple CVEs:
> https://www.cvedetails.com/cve/CVE-2019-12814
> https://www.cvedetails.com/cve/CVE-2019-12384
> https://www.cvedetails.com/cve/CVE-2019-14379
> https://www.cvedetails.com/cve/CVE-2019-14439



--
This message was sent by Atlassian Jira
(v8.20.10#820010)