You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@helix.apache.org by GitBox <gi...@apache.org> on 2022/01/14 15:41:18 UTC

[GitHub] [helix] aholowko opened a new issue #1933: Dependency org.codehaus.jackson:jackson-mapper-asl:1.9.13 leads to critical vulnerability: CVE-2019-17267

aholowko opened a new issue #1933:
URL: https://github.com/apache/helix/issues/1933


   ### Description
   
   In the **helix/zookeeper-api** is a dependency to org.codehaus.jackson:jackson-mapper-asl:1.9.13 that leads to critical vulnerability:
   
   [CVE-2019-17267](https://nvd.nist.gov/vuln/detail/CVE-2019-17267)
   
   ### Analysis
   
   The old Jackson API is used only in a few places and most of the changes are quite straightforward and require only changing an import statement to use classes from the new version of Jackson library.
   
   ### Recommendation
   
   * remove affected dependency
   * adjust code using old API to use new classes
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org
For additional commands, e-mail: reviews-help@helix.apache.org

[GitHub] [helix] narendly closed issue #1933: Dependency org.codehaus.jackson:jackson-mapper-asl:1.9.13 leads to critical vulnerability: CVE-2019-17267

Posted by GitBox <gi...@apache.org>.

narendly closed issue #1933:
URL: https://github.com/apache/helix/issues/1933


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscribe@helix.apache.org
For additional commands, e-mail: reviews-help@helix.apache.org