[
https://issues.apache.org/jira/browse/CASSANDRA-15828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177988#comment-17177988
]
Kevin Eveker commented on CASSANDRA-15828:
------------------------------------------
[~mdenihan] Since the security scanners found this jar that has a vulnerability
and is no longer supported, it has to be removed to pass our security scans. Is
there a supported jar that can be used to replace it? We are working to get an
ATO with Cassandra as part of our solution which motivated this ticket. I wish
I understood this baseline better and could offer some help from me or a member
of my team.
> Remove jackson-mapper-asl-1.9.13 to address CVE
> -----------------------------------------------
>
> Key: CASSANDRA-15828
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15828
> Project: Cassandra
> Issue Type: Improvement
> Reporter: Kevin Eveker
> Priority: Normal
>
> Recent scan results identified the following CVE that require this upgrade to
> address
> [https://nvd.nist.gov/vuln/detail/CVE-2019-10172]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
