You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Patrick Hunt (JIRA)" <ji...@apache.org> on 2019/06/24 17:33:00 UTC
[jira] [Created] (ZOOKEEPER-3442) OWASP jenkins failing due to
jackson databind CVE published
Patrick Hunt created ZOOKEEPER-3442:
---------------------------------------
Summary: OWASP jenkins failing due to jackson databind CVE published
Key: ZOOKEEPER-3442
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3442
Project: ZooKeeper
Issue Type: Bug
Affects Versions: 3.4.14, 3.5.5, 3.6.0
Reporter: Patrick Hunt
Fix For: 3.6.0, 3.4.15, 3.5.6
The OWASP job is failing due to a medium priority jackson databind issue.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814
we should upgrade the dependency version - I looked into the issue, should be straightforward, however the new dependency (2.9.9.1) is not yet available from the upstream. Once it is we should upgrade.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)