[FOLIO-2341] Track security vulnerability fixes reported in jackson-databind < 2.9.10.1 Created: 05/Nov/19  Updated: 03/Jun/20  Resolved: 05/Mar/20

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Umbrella Priority: P2
Reporter: Julian Ladisch Assignee: Unassigned
Resolution: Done Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
is blocked by RMB-504 Fix security vulnerabilities reported... Closed
is blocked by CIRC-633 Fix security vulnerability reported i... Closed
Sprint:

 Description   

Three serialization gadget (= polymorphic typing) security vulnerability issues have been reported against jackson-databind versions before 2.9.10.1:

jackson-databind 2.9.10.1 (released 2019-10-20) fixes

jackson-databind 2.9.10.2 (not yet released) fixes

See also

Consider jackson 2.10 (not 2.9.10.x).



 Comments   
Comment by Peter Murray [ 05/Mar/20 ]

Blocking issues are now closed.

Generated at Thu Feb 08 23:19:57 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.