[FOLIO-1604] Security vulnerability reported in jackson-databind Created: 31/Oct/18  Updated: 12/Nov/18  Resolved: 01/Nov/18

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: P3
Reporter: Peter Murray Assignee: Oleksii Maksymov
Resolution: Done Votes: 0
Labels: security, sprint50
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks FOLIO-1580 Fix security vulnerabilities reported... Closed
Sprint:

 Description   

Github reports:

Known *high severity* security vulnerability detected in `com.fasterxml.jackson.core:jackson-databind >= 2.7.0, < 2.7.9.1` defined in [`pom.xml`](https://github.com/folio-org/mod-data-import/blob/master/pom.xml(https://github.com/folio-org/mod-data-import/blob/master/pom.xml)).

[`pom.xml`](https://github.com/folio-org/mod-data-import/blob/master/pom.xml(https://github.com/folio-org/mod-data-import/blob/master/pom.xml)) update suggested: `com.fasterxml.jackson.core:jackson-databind ~> 2.7.9.1`.

Based on what we've seen in other tickets ( FOLIO-1580 Closed ), version 2.9.5 or greater is recommended.



 Comments   
Comment by Oleksii Maksymov [ 01/Nov/18 ]

The version of 'com.fasterxml.jackson.core:jackson-databind' has been updated.

Generated at Thu Feb 08 23:14:33 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.