Posted to dev@jena.apache.org by "Andy Seaborne (JIRA)" <ji...@apache.org> on 2019/03/29 10:21:00 UTC
[jira] [Resolved] (JENA-1696) Update jsonld-java and its Jackson dependencies
[ https://issues.apache.org/jira/browse/JENA-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andy Seaborne resolved JENA-1696.
---------------------------------
Resolution: Fixed
> Update jsonld-java and its Jackson dependencies
> -----------------------------------------------
>
> Key: JENA-1696
> URL: https://issues.apache.org/jira/browse/JENA-1696
> Project: Apache Jena
> Issue Type: Task
> Affects Versions: Jena 3.10.0
> Reporter: Andy Seaborne
> Assignee: Andy Seaborne
> Priority: Major
> Fix For: Jena 3.11.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Jackson databind has been a source of security CVE issues.
> While jsonld-java does not appear to depend on the attacked feature (polymorphic binding), the presence of Jackson jars with CVEs causes alerts from security scanning tools.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Re: [jira] [Resolved] (JENA-1696) Update jsonld-java and its Jackson dependencies
Posted by Andy Seaborne <an...@apache.org>.
This is about FasterXML-Jackson -- JSON, not XML.
Andy
On 29/03/2019 13:40, Claude Warren wrote:
> Does this change remove the woodstox xml parser? There are issues with how
> that parser functions such that de-serializing TRIX statements may fail. I
> encountered this before and the discussion about the parser can be found
> here:
> https://github.com/FasterXML/woodstox/issues/57
>
> On Fri, Mar 29, 2019 at 10:21 AM Andy Seaborne (JIRA) <ji...@apache.org>
> wrote:
>
>>
>> [
>> https://issues.apache.org/jira/browse/JENA-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>> ]
>>
>> Andy Seaborne resolved JENA-1696.
>> ---------------------------------
>> Resolution: Fixed
>>
>>> Update jsonld-java and its Jackson dependencies
>>> -----------------------------------------------
>>>
>>> Key: JENA-1696
>>> URL: https://issues.apache.org/jira/browse/JENA-1696
>>> Project: Apache Jena
>>> Issue Type: Task
>>> Affects Versions: Jena 3.10.0
>>> Reporter: Andy Seaborne
>>> Assignee: Andy Seaborne
>>> Priority: Major
>>> Fix For: Jena 3.11.0
>>>
>>> Time Spent: 1h 10m
>>> Remaining Estimate: 0h
>>>
>>> Jackson databind has been a source of security CVE issues.
>>> While jsonld-java does not appear to depend on the attacked feature
>>> (polymorphic binding), the presence of Jackson jars with CVEs causes alerts
>>> from security scanning tools.
>>
>>
>>
>> --
>> This message was sent by Atlassian JIRA
>> (v7.6.3#76005)
>>
>
>
Re: [jira] [Resolved] (JENA-1696) Update jsonld-java and its Jackson dependencies
Posted by Claude Warren <cl...@xenei.com>.
Does this change remove the woodstox xml parser? There are issues with how
that parser functions such that de-serializing TRIX statements may fail. I
encountered this before and the discussion about the parser can be found
here:
https://github.com/FasterXML/woodstox/issues/57
On Fri, Mar 29, 2019 at 10:21 AM Andy Seaborne (JIRA) <ji...@apache.org>
wrote:
>
> [
> https://issues.apache.org/jira/browse/JENA-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
> ]
>
> Andy Seaborne resolved JENA-1696.
> ---------------------------------
> Resolution: Fixed
>
> > Update jsonld-java and its Jackson dependencies
> > -----------------------------------------------
> >
> > Key: JENA-1696
> > URL: https://issues.apache.org/jira/browse/JENA-1696
> > Project: Apache Jena
> > Issue Type: Task
> > Affects Versions: Jena 3.10.0
> > Reporter: Andy Seaborne
> > Assignee: Andy Seaborne
> > Priority: Major
> > Fix For: Jena 3.11.0
> >
> > Time Spent: 1h 10m
> > Remaining Estimate: 0h
> >
> > Jackson databind has been a source of security CVE issues.
> > While jsonld-java does not appear to depend on the attacked feature
> > (polymorphic binding), the presence of Jackson jars with CVEs causes alerts
> > from security scanning tools.
>
>
>
> --
> This message was sent by Atlassian JIRA
> (v7.6.3#76005)
>
--
I like: Like Like - The likeliest place on the web
<http://like-like.xenei.com>
LinkedIn: http://www.linkedin.com/in/claudewarren