You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@curator.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/10/09 12:13:00 UTC

[jira] [Commented] (CURATOR-481) Remove jackson-mapper-asl-version and update to latest version of jackson

    [ https://issues.apache.org/jira/browse/CURATOR-481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16643230#comment-16643230 ] 

ASF GitHub Bot commented on CURATOR-481:
----------------------------------------

GitHub user Max-Pudov opened a pull request:

    https://github.com/apache/curator/pull/280

    CURATOR-481 Remove jackson-mapper-asl-version and update jackson

    …rsion of jackson

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Max-Pudov/curator CURATOR-481

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/curator/pull/280.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #280
    
----
commit 20cda944243f834a216316ebd8d3c59758898282
Author: Max-Pudov <pu...@...>
Date:   2018-10-09T12:11:58Z

    CURATOR-481 Remove jackson-mapper-asl-version and update to latest version of jackson

----


> Remove jackson-mapper-asl-version and update to latest version of jackson
> -------------------------------------------------------------------------
>
>                 Key: CURATOR-481
>                 URL: https://issues.apache.org/jira/browse/CURATOR-481
>             Project: Apache Curator
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 2.3.0
>            Reporter: Maxim Pudov
>            Priority: Major
>             Fix For: 4.1.0
>
>
> There is a vulnerability issue in jackson-mapper-asl-version 1.9.13 and it is no longer supported. The same issue was present in jackson-databind till version 2.7.9.1.
> [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525]
> We already have a dependency on jackson 2.x. Let's replace jackson-mapper-asl with jackson-databind and update jackson to the latest version.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: [jira] [Commented] (CURATOR-481) Remove jackson-mapper-asl-version and update to latest version of jackson

Posted by Chris Miles <ch...@chrismiles.org>.

unsubscribe