You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tomee.apache.org by "Yugandher reddy vonteddu (Jira)" <ji...@apache.org> on 2022/04/07 06:37:00 UTC

[jira] [Commented] (TOMEE-3856) Upgrade to jackson 2.13.2

    [ https://issues.apache.org/jira/browse/TOMEE-3856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518612#comment-17518612 ] 

Yugandher reddy vonteddu commented on TOMEE-3856:
-------------------------------------------------

Hello [~cesarhernandezgt] 

Seems to be that jackson 2.13.2 still has the [ vulnerability|https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.13.2] which was later fixed in 2.13.2.1 can you confirm if its been taken care of or need this ticket reopened ?

better directly switch to 2.13.2.2 because of specified issue here [https://github.com/FasterXML/jackson-databind/issues/2816]

 

Vulnerability info links: [https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.13.2]

[https://nvd.nist.gov/vuln/detail/CVE-2020-36518]

 

Thanks 

Yugandher 

> Upgrade to jackson 2.13.2
> -------------------------
>
>                 Key: TOMEE-3856
>                 URL: https://issues.apache.org/jira/browse/TOMEE-3856
>             Project: TomEE
>          Issue Type: Dependency upgrade
>    Affects Versions: 8.0.10
>            Reporter: Cesar Hernandez
>            Assignee: Cesar Hernandez
>            Priority: Major
>              Labels: CVE
>             Fix For: 8.0.11
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)