You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@curator.apache.org by "Vladimir Pligin (Jira)" <ji...@apache.org> on 2019/12/19 15:11:00 UTC
[jira] [Created] (CURATOR-552) Update jackson-databind dependencies
Vladimir Pligin created CURATOR-552:
---------------------------------------
Summary: Update jackson-databind dependencies
Key: CURATOR-552
URL: https://issues.apache.org/jira/browse/CURATOR-552
Project: Apache Curator
Issue Type: Bug
Components: General
Affects Versions: 4.2.0
Reporter: Vladimir Pligin
Fix For: TBD
There are some CVE reports related to 2.9.8 and 2.9.9 versions, for example:
* [CVE-2019-14379|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14379]
* [CVE-2019-17267|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17267]
* [CVE-2019-16335|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16335]
* [CVE-2019-14540|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14540]
* [CVE-2019-16943|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16943]
* [CVE-2019-16942|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16942]
* [CVE-2019-17531|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17531]
* [CVE-2019-14439|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14439]
* [CVE-2019-12086|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12086]
* [CVE-2019-12814|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814]
* [CVE-2019-12384|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12384]
Most of them suggest to update to the 2.9.10 version.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)