You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Dan Klco (Jira)" <ji...@apache.org> on 2020/07/13 03:46:00 UTC

[jira] [Created] (SLING-9585) Update Jackson DataBind

Dan Klco created SLING-9585:
-------------------------------

             Summary: Update Jackson DataBind
                 Key: SLING-9585
                 URL: https://issues.apache.org/jira/browse/SLING-9585
             Project: Sling
          Issue Type: Improvement
          Components: Starter
    Affects Versions: Starter 11
            Reporter: Dan Klco
            Assignee: Dan Klco
             Fix For: Starter 12


The current version of Jackson DataBind packaged in Sling Starter 11 has a number of known vulnerabilities and should be updated. This includes critical vulnerabilities such as:

CVE-2019-17267
CVE-2019-17531
CVE-2019-14540
CVE-2019-16335

The recommendation is to upgrade to 2.9.10.5.





--
This message was sent by Atlassian Jira
(v8.3.4#803005)