You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/01/17 16:20:00 UTC

[jira] [Commented] (AMQ-7320) Upgrade to Jackson 2.10.1

    [ https://issues.apache.org/jira/browse/AMQ-7320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17018161#comment-17018161 ] 

Colm O hEigeartaigh commented on AMQ-7320:
------------------------------------------

[~jbonofre] Until 2.10.x is working, can we upgrade master + 5.15.x branch to use Jackson databind 2.9.10.2? This fixes CVE-2019-20330.

> Upgrade to Jackson 2.10.1
> -------------------------
>
>                 Key: AMQ-7320
>                 URL: https://issues.apache.org/jira/browse/AMQ-7320
>             Project: ActiveMQ
>          Issue Type: Task
>          Components: Broker, Web Console
>            Reporter: Jean-Baptiste Onofré
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 5.16.0, 5.15.12
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> In order to fix new CVE, we have to update to Jackson 2.10.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)