[TINKERPOP-2275] Update jackson databind 2.9.9.3+ - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.3.7, 3.4.2
Fix Version/s: 3.3.9, 3.4.4
Component/s: io
Labels:
- security

Description

Fixes more gadget vulnerabilities with ehcache and logback in the classpath.

https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617

Note that the fix is in 2.9.9.2. However, that version broke things. Waiting for 2.9.9.3 to be released. https://github.com/FasterXML/jackson-databind/issues/2395

TinkerPop is not directly affected hence low priority (let alone that the fix isn't even available).

Attachments

Activity

People

Assignee:: Robert Dale

Reporter:: Robert Dale

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 31/Jul/19 11:29

Updated:: 13/Aug/19 19:31

Resolved:: 13/Aug/19 19:31