[ZOOKEEPER-3734] upgrade jackson-databind to address CVE-2020-8840 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.6.0, 3.7.0, 3.5.7
Fix Version/s: 3.6.0, 3.7.0, 3.5.8
Component/s: security
Labels:
- pull-request-available

Description

owasp check is failing with

[ERROR] jackson-databind-2.9.10.2.jar: CVE-2020-8840

looks like we need to upgrade to 2.9.10.3 or later.

Attachments

Issue Links

links to

GitHub Pull Request #1262

Activity

People

Assignee:: Enrico Olivelli

Reporter:: Patrick D. Hunt

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 23/Feb/20 02:59

Updated:: 11/May/20 15:41

Resolved:: 23/Feb/20 16:48

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

0.5h