[FOLIO-2341] Track security vulnerability fixes reported in jackson-databind < 2.9.10.1 Created: 05/Nov/19 Updated: 03/Jun/20 Resolved: 05/Mar/20 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Umbrella | Priority: | P2 |
| Reporter: | Julian Ladisch | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||||||
| Sprint: | |||||||||||||
| Description |
|
Three serialization gadget (= polymorphic typing) security vulnerability issues have been reported against jackson-databind versions before 2.9.10.1: jackson-databind 2.9.10.1 (released 2019-10-20) fixes
jackson-databind 2.9.10.2 (not yet released) fixes
See also
Consider jackson 2.10 (not 2.9.10.x). |
| Comments |
| Comment by Peter Murray [ 05/Mar/20 ] |
|
Blocking issues are now closed. |