You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "David Smiley (Jira)" <ji...@apache.org> on 2022/12/27 03:30:00 UTC

[jira] [Commented] (SOLR-16443) Upgrade Jackson bom to 2.13.4.20221013

    [ https://issues.apache.org/jira/browse/SOLR-16443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652102#comment-17652102 ] 

David Smiley commented on SOLR-16443:
-------------------------------------

I'll move this to 9.1.1 which should be released soon.

> Upgrade Jackson bom to 2.13.4.20221013
> --------------------------------------
>
>                 Key: SOLR-16443
>                 URL: https://issues.apache.org/jira/browse/SOLR-16443
>             Project: Solr
>          Issue Type: Task
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 8.11.2, 9.1
>            Reporter: Nicolò Mendola
>            Assignee: Kevin Risden
>            Priority: Minor
>             Fix For: main (10.0), 9.2
>
>
> Due to actual jackson-databind cve  listing CVE-2022-42004 and CVE-2022-42003 the Libary should be updated.
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42004]
> https://nvd.nist.gov/vuln/detail/CVE-2022-42003
>  
> Perhaps for version 9.1.0 as well as 8.11.2?
> Best Regards
> h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org