<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:19:57 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2341] Track security vulnerability fixes reported in jackson-databind &lt; 2.9.10.1</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2341</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;Three serialization-gadget security vulnerabilities (all involving polymorphic typing) have been reported against jackson-databind versions before 2.9.10.1:&lt;/p&gt;

&lt;p&gt;jackson-databind 2.9.10.1 (released 2019-10-20) fixes&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;commons-dbcp, p6spy (&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2019-16942&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;CVE-2019-16942&lt;/a&gt; / &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2019-16943&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;CVE-2019-16943&lt;/a&gt; = &lt;a href=&quot;https://github.com/FasterXML/jackson-databind/issues/2478&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;jackson-databind #2478&lt;/a&gt;)&lt;/li&gt;
	&lt;li&gt;log4j-extras/1.2 (&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2019-17531&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;CVE-2019-17531&lt;/a&gt; = &lt;a href=&quot;https://github.com/FasterXML/jackson-databind/issues/2498&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;jackson-databind #2498&lt;/a&gt;)&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;jackson-databind &lt;a href=&quot;https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#micro-patches&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;2.9.10.2&lt;/a&gt; (not yet released) fixes&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;ehcache/JNDI (CVEs to be allocated = &lt;a href=&quot;https://github.com/FasterXML/jackson-databind/issues/2526&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;jackson-databind #2526&lt;/a&gt;)&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;See also&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;On Jackson CVEs: Don&apos;t Panic &#8212; Here is what you need to know&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://medium.com/@cowtowncoder/jackson-2-10-features-cd880674d8a2&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;Jackson 2.10 features (esp &quot;Safe Default Typing&quot; to vanquish stream of CVE patches!)&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://github.com/FasterXML/jackson-bom&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/FasterXML/jackson-bom&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;


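&lt;p&gt;Consider moving to jackson 2.10 (not 2.9.10.x): per the Jackson 2.10 features article linked above, its &quot;Safe Default Typing&quot; is meant to end the stream of CVE patches.&lt;/p&gt;</description>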
                <environment></environment>
        <key id="81483">FOLIO-2341</key>
            <summary>Track security vulnerability fixes reported in jackson-databind &lt; 2.9.10.1</summary>
                <type id="10006" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10307?size=medium">Umbrella</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                    </labels>
                <created>Tue, 5 Nov 2019 11:25:50 +0000</created>
                <updated>Wed, 3 Jun 2020 16:40:15 +0000</updated>
                            <resolved>Thu, 5 Mar 2020 15:22:50 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="194037" author="5ced27478b03050f27825a93" created="Thu, 5 Mar 2020 15:22:50 +0000"  >&lt;p&gt;Blocking issues are now closed.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                                                <inwardlinks description="is blocked by">
                                        <issuelink>
            <issuekey id="57066">RMB-504</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="48405">CIRC-633</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i00cvr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 5 Mar 2020 15:22:50 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>