You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Jason-Morries Adam (Jira)" <ji...@apache.org> on 2022/04/22 13:45:00 UTC

[jira] [Updated] (NIFI-9952) Upgrade Jackson to 2.13.2.1 using POM

     [ https://issues.apache.org/jira/browse/NIFI-9952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason-Morries Adam updated NIFI-9952:
-------------------------------------
    Description: 
Jackson should be upgraded to 2.13.2.2 due to the following CVE: 

[CVE-2020-36518|https://github.com/advisories/GHSA-57j2-w4cx-62h2]

(Link: https://github.com/advisories/GHSA-57j2-w4cx-62h2)

 

You can find the newest versions of jackson at https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind

  was:
Some bundles are not using the version defined as a property in the parent pom:
 * {{nifi-elasticsearch-client-service-api}} (2.9.8)
 * {{nifi-graph-processor}} (2.9.9)
 * {{nifi-easyrules-service}} (2.9.10)

This should be re-evaluated as it'd be better to use the same version.


> Upgrade Jackson to 2.13.2.1 using POM
> -------------------------------------
>
>                 Key: NIFI-9952
>                 URL: https://issues.apache.org/jira/browse/NIFI-9952
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: Jason-Morries Adam
>            Assignee: Mike Thomsen
>            Priority: Major
>             Fix For: 1.17.0, 1.16.1
>
>
> Jackson should be upgraded to 2.13.2.2 due to the following CVE: 
> [CVE-2020-36518|https://github.com/advisories/GHSA-57j2-w4cx-62h2]
> (Link: https://github.com/advisories/GHSA-57j2-w4cx-62h2)
>  
> You can find the newest versions of jackson at https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind



--
This message was sent by Atlassian Jira
(v8.20.7#820007)