You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Evens Max Pierrelouis (Jira)" <ji...@apache.org> on 2022/10/29 20:02:00 UTC

[jira] [Commented] (ZOOKEEPER-4628) CVE-2022-42003 CVE-2022-42004 HIGH: upgrade jackson-databind-2.13.3.jar to 2.13.4.1

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-4628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17626135#comment-17626135 ] 

Evens Max Pierrelouis  commented on ZOOKEEPER-4628:
---------------------------------------------------

community on behalf of the various Project PMCs. Each Confluence Space is managed by the respective Project community. Some Spaces may be open to contributions to all Confluence users. To register, follow the Log In link at the top right of any page. Confluence users can watch a Space to to receive notifications any changes, or receive a daily summary of all changes to the site.

Please be aware that if mail to the e-mail address associated with a Confluence account starts bouncing, the Infrastructure team will delete the account if at all possible. If the account can't be deleted, it will be disabled.

 

*PRIVACY NOTICE:* ASF Confluence  is a publicly viewable wiki. Activity on most pages and spaces, will be publicly visible. Email addresses are not visible to other users unless you chose your email address as your ownername Evens Max Pierrelouis 

"Learn why we included this marketing agreement with Deerfield Media Edit Vhx TV-Network-Live+Stream+On_Fire+TV+fees_$7.99+Jarvis.AI+Max+WebTV/Network=Live+Streams/Production/Broadcasting/Profile/Evensmaxpierrelouis/Inside/menu/Scan me QR Barcode scanner app Service Job fee is now $500 for every hour of work all services hotline number Information included and also all job related . https://www.cyberpunk.net?Cyberpunk-ai/evensmaxpierrelouis.internet LinkedIn © 2022 LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2. LinkedIn is a registered business name of LinkedIn Ireland Unlimited Company. LinkedIn and the LinkedIn logo are registered trademarks of LinkedIn 1217890905 notifications total

xmlns:georss="http://www.georss.org/georss" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" > <title>advanced-security Archives | The GitHub Blog</title> https://github.blog/changelog/label/advanced-security/ Updates, ideas, and inspiration from GitHub to help developers build and design software. Thu, 29 Sep 2022 16:19:48 +0000 en-US hourly 1 https://wordpress.org/?v=6.0.2  https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=32%2C32 <title>advanced-security Archives | The GitHub Blog</title> https://github.blog/changelog/label/advanced-security/ 32 32 153214340 <title>Secret scanning alerts now have a timeline and users can add a comment when resolving</title> https://github.blog/changelog/2022-09-29-secret-scanning-alerts-now-have-a-timeline-and-users-can-add-a-comment-when-resolving
    <dc:creator><![CDATA[Kevin Duck]]></dc:creator>
    <pubDate>Thu, 29 Sep 2022 16:19:48 +0000</pubDate>
            <guid isPermaLink="false">https://github.blog/changelog/2022-09-29-secret-scanning-alerts-now-have-a-timeline-and-users-can-add-a-comment-when-resolving</guid>

                <description><![CDATA[Secret scanning alerts now have a timeline and users can add a comment when resolving]]></description>
                                    <content:encoded><![CDATA[<p>GitHub Advanced Security customers can now view a timeline of actions taken on a secret scanning alert, including when a contributor bypassed the push protection on a secret"
 https://github.com/Evensmaxpierrelouis/I-Evensmaxpierrelouis-the-ceo-of-BBB-Cyber-life-in-His-AI-Assistant-is-Always-with-Him-all-the-Time#:~:text=Learn%20why%20we%20included,protection%20on%20a%20secret

> CVE-2022-42003 CVE-2022-42004 HIGH: upgrade jackson-databind-2.13.3.jar to 2.13.4.1
> -----------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4628
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4628
>             Project: ZooKeeper
>          Issue Type: Task
>          Components: security
>    Affects Versions: 3.5.10, 3.8.0, 3.7.1
>            Reporter: Ivo Dujmovic
>            Priority: Critical
>              Labels: pull-request-available
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Two High issues 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42003]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42004]
> affect jackson version 2.13.3 which zk should update to 2.13.4.1 
> Other projects have done this, but Zookeeper has not.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)