You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@curator.apache.org by "Vladimir Pligin (Jira)" <ji...@apache.org> on 2019/12/19 15:11:00 UTC

[jira] [Created] (CURATOR-552) Update jackson-databind dependencies

Vladimir Pligin created CURATOR-552:
---------------------------------------

             Summary: Update jackson-databind dependencies
                 Key: CURATOR-552
                 URL: https://issues.apache.org/jira/browse/CURATOR-552
             Project: Apache Curator
          Issue Type: Bug
          Components: General
    Affects Versions: 4.2.0
            Reporter: Vladimir Pligin
             Fix For: TBD


There are some CVE reports related to 2.9.8 and 2.9.9 versions, for example:
* [CVE-2019-14379|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14379]
* [CVE-2019-17267|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17267]
* [CVE-2019-16335|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16335]
* [CVE-2019-14540|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14540]
* [CVE-2019-16943|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16943]
* [CVE-2019-16942|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16942]
* [CVE-2019-17531|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17531]
* [CVE-2019-14439|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14439]
* [CVE-2019-12086|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12086]
* [CVE-2019-12814|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814]
* [CVE-2019-12384|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12384]

Most of them suggest to update to the 2.9.10 version.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)