You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tinkerpop.apache.org by "stephen mallette (JIRA)" <ji...@apache.org> on 2019/06/05 11:44:00 UTC

[jira] [Closed] (TINKERPOP-2223) Update jackson databind to 2.9.9

     [ https://issues.apache.org/jira/browse/TINKERPOP-2223?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

stephen mallette closed TINKERPOP-2223.
---------------------------------------
       Resolution: Done
    Fix Version/s: 3.4.3
                   3.3.8

Updated via CTR https://github.com/apache/tinkerpop/commit/7c207e5f49aa0761e561cbb0bc7ff42c54984a7b

> Update jackson databind to 2.9.9
> --------------------------------
>
>                 Key: TINKERPOP-2223
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2223
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: io
>    Affects Versions: 3.3.6, 3.4.1
>            Reporter: Robert Dale
>            Assignee: stephen mallette
>            Priority: Minor
>             Fix For: 3.3.8, 3.4.3
>
>
> https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-174736
> Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.9 or higher.
> Security vulnerability is specific to having mysql jars on the classpath. Does not affect us directly.  Low priority, let's put it on the roadmap.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)