[ZOOKEEPER-3699] upgrade jackson-databind to address CVE-2019-20330 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.6.0, 3.7.0, 3.5.6
Fix Version/s: 3.6.0, 3.7.0, 3.5.7
Component/s: security
Labels:
- pull-request-available

Description

owasp is flagging
https://builds.apache.org/view/S-Z/view/ZooKeeper/job/zookeeper-master-maven-owasp/329/console

> [ERROR] jackson-databind-2.9.10.1.jar: CVE-2019-20330

"FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking"

I don't believe we use "ehcache" but we should upgrade asap.

Attachments

Issue Links

links to

GitHub Pull Request #1232

Activity

People

Assignee:: Patrick D. Hunt

Reporter:: Patrick D. Hunt

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Jan/20 19:20

Updated:: 14/Feb/20 15:23

Resolved:: 23/Jan/20 10:20

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

40m