[
https://issues.apache.org/jira/browse/CASSANDRA-15828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177857#comment-17177857
]
Mark Denihan commented on CASSANDRA-15828:
------------------------------------------
[~c3-keveker] Is this jar being removed to stop CVE-2019-10172 from being
reported at all or is jackson-mapper-asl used anywhere else other than compile?
It appears to me that this CVE doesn't actually apply to the runtime of
Cassandra, but I'd appreciate your thoughts!
> Remove jackson-mapper-asl-1.9.13 to address CVE
> -----------------------------------------------
>
> Key: CASSANDRA-15828
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15828
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Kevin Eveker
> Priority: Normal
>
> Recent scan results identified the following CVE that require this upgrade to
> address
> [https://nvd.nist.gov/vuln/detail/CVE-2019-10172]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
