I found there jackson version is specified in
${projectDir}/cas/override.gradle , just change it to 2.9.9 and it gradle
will build with jackson 2.9.9 automatically. But I have not tested if it
breaks something or not yet.
在 2019年6月5日星期三 UTC+8下午9:46:58,jm写道:
>
> Hi,
>
> I wanted to build CAS today, but failed to build in my company's CI
> system. Dependency check shows the fact that CAS 5.3.x is using a
> volnerable jackson version 2.9.5 (which is less than 2.9.9).
>
> How can I fix this vulnerability? Can I just specify jackson 2.9.9 in
> build.gradle of cas-overlay-template? I am worrying about it, will my
> service be broken because of upgrading jackson version?
>
> Many thanks to you.
>
> James
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9c6b054-f734-4a6e-b663-950277f50760%40apereo.org.
