You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Mark Denihan (Jira)" <ji...@apache.org> on 2020/08/14 16:17:00 UTC
[jira] [Commented] (CASSANDRA-15828) Remove
jackson-mapper-asl-1.9.13 to address CVE
[ https://issues.apache.org/jira/browse/CASSANDRA-15828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177857#comment-17177857 ]
Mark Denihan commented on CASSANDRA-15828:
------------------------------------------
[~c3-keveker] Is this jar being removed to stop CVE-2019-10172 from being reported at all or is jackson-mapper-asl used anywhere else other than compile? It appears to me that this CVE doesn't actually apply to the runtime of Cassandra, but I'd appreciate your thoughts!
> Remove jackson-mapper-asl-1.9.13 to address CVE
> -----------------------------------------------
>
> Key: CASSANDRA-15828
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15828
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Kevin Eveker
> Priority: Normal
>
> Recent scan results identified the following CVE that require this upgrade to address
> [https://nvd.nist.gov/vuln/detail/CVE-2019-10172]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org