<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:14:31 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-1600] Security vulnerability reported in jackson-databind</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-1600</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Github reports:&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;Known **&lt;b&gt;high severity&lt;/b&gt;** security vulnerability detected in `com.fasterxml.jackson.core:jackson-databind &amp;gt;= 2.7.0, &amp;lt; 2.7.9.1` defined in &lt;span class=&quot;error&quot;&gt;&amp;#91;`pom.xml`&amp;#93;&lt;/span&gt;(&lt;a href=&quot;https://github.com/folio-org/mod-data-import/blob/master/pom.xml&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-data-import/blob/master/pom.xml&lt;/a&gt;(&lt;a href=&quot;https://github.com/folio-org/mod-data-import/blob/master/pom.xml&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-data-import/blob/master/pom.xml&lt;/a&gt;)).&lt;/p&gt;&lt;/blockquote&gt;
&lt;blockquote&gt;&lt;p&gt;&lt;span class=&quot;error&quot;&gt;&amp;#91;`pom.xml`&amp;#93;&lt;/span&gt;(&lt;a href=&quot;https://github.com/folio-org/mod-data-import/blob/master/pom.xml&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-data-import/blob/master/pom.xml&lt;/a&gt;(&lt;a href=&quot;https://github.com/folio-org/mod-data-import/blob/master/pom.xml&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-data-import/blob/master/pom.xml&lt;/a&gt;)) update suggested: `com.fasterxml.jackson.core:jackson-databind ~&amp;gt; 2.7.9.1`.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Based on what we&apos;ve seen in other tickets (
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-1580&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-1580&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Fix security vulnerabilities reported in jackson-databind&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10307?size=medium&quot; /&gt;
            FOLIO-1580
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
), version 2.9.5 or greater is recommended.&lt;/p&gt;</description>
                <environment></environment>
        <key id="80891">FOLIO-1600</key>
            <summary>Security vulnerability reported in jackson-databind</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5ced27478b03050f27825a93">Peter Murray</reporter>
                                    <labels>
                            <label>security</label>
                            <label>sprint50</label>
                    </labels>
                <created>Mon, 29 Oct 2018 16:19:21 +0000</created>
                <updated>Mon, 12 Nov 2018 14:25:15 +0000</updated>
                            <resolved>Tue, 30 Oct 2018 21:34:12 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="192893" author="5ced27478b03050f27825a93" created="Mon, 29 Oct 2018 16:22:00 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A4e8af9e1-3cbd-4f0f-9bea-a55775f8fa65&quot; class=&quot;user-hover&quot; rel=&quot;712020:4e8af9e1-3cbd-4f0f-9bea-a55775f8fa65&quot; data-account-id=&quot;712020:4e8af9e1-3cbd-4f0f-9bea-a55775f8fa65&quot; accountid=&quot;712020:4e8af9e1-3cbd-4f0f-9bea-a55775f8fa65&quot; rel=&quot;noreferrer&quot;&gt;Dmytro Tur&lt;/a&gt;: I think you had the last commits to this module.  Can you look at this security advisory, please?&lt;/p&gt;</comment>
                                                            <comment id="192895" author="712020:4e8af9e1-3cbd-4f0f-9bea-a55775f8fa65" created="Tue, 30 Oct 2018 20:44:12 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ced27478b03050f27825a93&quot; class=&quot;user-hover&quot; rel=&quot;5ced27478b03050f27825a93&quot; data-account-id=&quot;5ced27478b03050f27825a93&quot; accountid=&quot;5ced27478b03050f27825a93&quot; rel=&quot;noreferrer&quot;&gt;Peter Murray&lt;/a&gt; I suppose this issue is already fixed. Version of dependency &apos;jackson-databind&apos; has been changed to 2.9.6.&lt;/p&gt;</comment>
                                                            <comment id="192897" author="5ced27478b03050f27825a93" created="Tue, 30 Oct 2018 21:33:53 +0000"  >&lt;p&gt;Yes &amp;#8211; it does look like it was fixed:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/mod-data-import/blame/master/pom.xml#L52&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-data-import/blame/master/pom.xml#L52&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Sorry for the confusion.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                            <outwardlinks description="blocks">
                                        <issuelink>
            <issuekey id="80950">FOLIO-1580</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzz3uf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 30 Oct 2018 20:44:12 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>