Posted to dev@knox.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2017/12/15 17:46:00 UTC

[jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

    [ https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16292900#comment-16292900 ] 

Colm O hEigeartaigh commented on KNOX-1145:
-------------------------------------------

Any objections to this patch for master?

> Upgrade Jackson due to CVE-2017-7525
> ------------------------------------
>
>                 Key: KNOX-1145
>                 URL: https://issues.apache.org/jira/browse/KNOX-1145
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.0.0
>
>         Attachments: KNOX-1145.patch
>
>
> Apache Knox currently ships the Jackson databind jar version 2.2.2. However, there is a security advisory CVE-2017-7525 released for this component:
> https://github.com/FasterXML/jackson-databind/issues/1599
> We should upgrade Jackson to pick this fix up.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: [jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

Posted by Sandeep More <mo...@gmail.com>.
I think the branch is already cut. I am thinking: should we wait for the
package restructuring branch merge (for the 1.0.0 release) and then commit, or
commit now?
Would like to see what folks think.

Best,
Sandeep


On Fri, Dec 15, 2017 at 1:45 PM, Philip Zampino <pz...@gmail.com> wrote:

> It may depend on whether the 0.14.0 branch has been created yet or not.

Re: [jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

Posted by Philip Zampino <pz...@gmail.com>.
It may depend on whether the 0.14.0 branch has been created yet or not.
