Unpin jackson fixing Number Parse DoS (PRISMA-2023-0067)

Description

jackson-core package versions before 2.15.0 are vulnerable to Denial of Service (DoS): https://github.com/FasterXML/jackson-core/pull/827

mod-invoice-storage pins the jackson version to 2.13.4. This effectively downgrades the jackson version provided by RMB (domain-models-runtime, domain-models-api-interfaces) from 2.16.1 to 2.13.4.

Fix: Unpin jackson.
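A check for this kind of pin, as an added example that is not code from the ticket or from mod-invoice-storage: it scans a POM for explicit `com.fasterxml.jackson*` versions and flags any below 2.15.0, the fixed version named above. The sample POM is constructed, and the pin is assumed to be a `<version>` (literal or a single `${property}`) on a jackson dependency or BOM import; only declared pins are inspected, not the resolved dependency tree.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 15, 0)  # first fixed jackson-core version, per the ticket
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM for illustration, not the module's real pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson.version>2.13.4</jackson.version></properties>
  <dependencyManagement><dependencies>
    <dependency>
      <groupId>com.fasterxml.jackson</groupId>
      <artifactId>jackson-bom</artifactId>
      <version>${jackson.version}</version>
      <type>pom</type><scope>import</scope>
    </dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency>
      <groupId>org.folio</groupId><artifactId>domain-models-runtime</artifactId>
      <version>${raml-module-builder.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Return the leading numeric x.y.z as a tuple, or None if it is not numeric."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def find_jackson_pins(pom_xml):
    """List (groupId:artifactId, version, below_fix) for each explicit jackson version."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    pins = []
    for dep in root.iter("{%s}dependency" % NS["m"]):
        group = dep.findtext("m:groupId", "", NS).strip()
        version = dep.findtext("m:version", "", NS).strip()
        if not group.startswith("com.fasterxml.jackson") or not version:
            continue  # not jackson, or version inherited from a parent/BOM
        # Resolve a single ${property} reference against <properties>.
        ref = re.fullmatch(r"\$\{(.+)\}", version)
        if ref:
            version = props.get(ref.group(1), version)
        parsed = parse_version(version)
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        pins.append((f"{group}:{artifact}", version, parsed is not None and parsed < FIXED))
    return pins
```

An empty result means the POM declares no jackson version of its own, which is the state the fix aims for.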

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Done

Details

Development Team

Thunderjet

Release

Ramsons (R2 2024)

RCA Group

Related dependency upgrade

Created May 5, 2024 at 2:38 PM
Updated May 7, 2024 at 11:09 AM
Resolved May 7, 2024 at 11:09 AM