You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2022/03/29 12:55:26 UTC

[GitHub] [zookeeper] edwin092 opened a new pull request #1842: ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1

edwin092 opened a new pull request #1842:
URL: https://github.com/apache/zookeeper/pull/1842


   CVE-2020-36518 vulnerability affects jackson-databind in Zookeeper (see https://github.com/advisories/GHSA-57j2-w4cx-62h2).
   
   Upgrading to jackson-databind version 2.13.2.1 should address this issue.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zookeeper] edwin092 commented on pull request #1842: ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1

Posted by GitBox <gi...@apache.org>.

edwin092 commented on pull request #1842:
URL: https://github.com/apache/zookeeper/pull/1842#issuecomment-1082679344


   > * If no other concerns, I'll merge it at this weekend(04-03).
   > * This PR can apply to branch 3.7 and 3.8 well except branch-3.6, please create another PR @edwin092
   
   Sure thing! I'll raise the 2 PRs.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zookeeper] arshadmohammad commented on pull request #1842: ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1

Posted by GitBox <gi...@apache.org>.

arshadmohammad commented on pull request #1842:
URL: https://github.com/apache/zookeeper/pull/1842#issuecomment-1083503735


   jackson-databind-2.13.2.2 is released but I don't see any manful change in this release compared to 2.13.2.1 . we can go ahead with jackson-databind-2.13.2.1 release itself.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zookeeper] arshadmohammad commented on pull request #1842: ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1

Posted by GitBox <gi...@apache.org>.

arshadmohammad commented on pull request #1842:
URL: https://github.com/apache/zookeeper/pull/1842#issuecomment-1083513393


   Merged to master, branch-3.8 and branch-3.7. @edwin092 please raise PR on branch-3.6


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zookeeper] eolivelli commented on pull request #1842: ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1

Posted by GitBox <gi...@apache.org>.

eolivelli commented on pull request #1842:
URL: https://github.com/apache/zookeeper/pull/1842#issuecomment-1082907740


   > If no other concerns, I'll merge it at this weekend(04-03).
   
   There are already 2 binding +1s, so you can merge it now


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zookeeper] maoling commented on pull request #1842: ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1

Posted by GitBox <gi...@apache.org>.

maoling commented on pull request #1842:
URL: https://github.com/apache/zookeeper/pull/1842#issuecomment-1082652848


   - If no other concerns, I'll merge it at this weekend(04-03).
   - This PR can apply to branch 3.7 and 3.8 well except branch-3.6, please create another PR @edwin092 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [zookeeper] asfgit closed pull request #1842: ZOOKEEPER-4505: CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1

Posted by GitBox <gi...@apache.org>.

asfgit closed pull request #1842:
URL: https://github.com/apache/zookeeper/pull/1842


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org