You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Richard Zowalla (Jira)" <ji...@apache.org> on 2022/10/06 12:05:00 UTC

[jira] [Commented] (TOMEE-4066) Update jackson-databind to mitigate CVE-2022-42004 and CVE-2022-42003

    [ https://issues.apache.org/jira/browse/TOMEE-4066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17613471#comment-17613471 ] 

Richard Zowalla commented on TOMEE-4066:
----------------------------------------

Thanks.
Current 8.x snapshot is already on 2.13.4. Looks like we need to wait for 2.14.0 final to become available: https://github.com/FasterXML/jackson-databind/issues/3590

> Update jackson-databind to mitigate CVE-2022-42004 and CVE-2022-42003
> ---------------------------------------------------------------------
>
>                 Key: TOMEE-4066
>                 URL: https://issues.apache.org/jira/browse/TOMEE-4066
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 8.0.12
>            Reporter: RAJU THANNEERU
>            Priority: Major
>              Labels: CVE
>
> Update jackson-databind to mitigate CVE-2022-42004 and CVE-2022-42003
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42003]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42004]
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)