You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Dan Klco (Jira)" <ji...@apache.org> on 2020/07/13 03:46:00 UTC
[jira] [Created] (SLING-9585) Update Jackson DataBind
Dan Klco created SLING-9585:
-------------------------------
Summary: Update Jackson DataBind
Key: SLING-9585
URL: https://issues.apache.org/jira/browse/SLING-9585
Project: Sling
Issue Type: Improvement
Components: Starter
Affects Versions: Starter 11
Reporter: Dan Klco
Assignee: Dan Klco
Fix For: Starter 12
The current version of Jackson DataBind packaged in Sling Starter 11 has a number of known vulnerabilities and should be updated. This includes critical vulnerabilities such as:
CVE-2019-17267
CVE-2019-17531
CVE-2019-14540
CVE-2019-16335
The recommendation is to upgrade to 2.9.10.5.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)