[ZOOKEEPER-4045] CVE-2020-25649 - Upgrade jackson databind to 2.10.5.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.6.0, 3.6.1, 3.5.8, 3.6.2
Fix Version/s: 3.5.9, 3.6.3, 3.7.0
Component/s: None
Labels:
- pull-request-available
- security

Description

Jackson reported a vulnerability under CVE-2020-25649. Upgrading to 2.10.5.1 will resolve the problem. See https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10#micro-patches for more details.

Attachments

Issue Links

links to

GitHub Pull Request #1572

Activity

People

Assignee:: Unassigned

Reporter:: Edwin Hobor

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/Jan/21 13:48

Updated:: 28/Mar/21 08:53

Resolved:: 06/Jan/21 18:55

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

0.5h