You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jena.apache.org by "Andy Seaborne (JIRA)" <ji...@apache.org> on 2019/07/26 18:32:00 UTC
[jira] [Comment Edited] (JENA-1736) Update Jackson dependency to
2.9.9.1
[ https://issues.apache.org/jira/browse/JENA-1736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16890822#comment-16890822 ]
Andy Seaborne edited comment on JENA-1736 at 7/26/19 6:31 PM:
--------------------------------------------------------------
The advised upgrade is not yet available on maven central.
It may be that the emerging "2.10.0" is the correct upgrade.
This core issues does not affect Jena's limited use of Jackson.
---
Correction: the fix is only jackson-databind, not jackson-core, and is available from maven central.
was (Author: andy.seaborne):
The advised upgrade is not yet available on maven central.
It may be that the emerging "2.10.0" is the correct upgrade.
This core issues does not affect Jena's limited use of Jackson.
> Update Jackson dependency to 2.9.9.1
> ------------------------------------
>
> Key: JENA-1736
> URL: https://issues.apache.org/jira/browse/JENA-1736
> Project: Apache Jena
> Issue Type: Task
> Affects Versions: Jena 3.12.0
> Reporter: Andy Seaborne
> Assignee: Andy Seaborne
> Priority: Major
> Fix For: Jena 3.13.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> This addresses CVE-2019-12814.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)