cherzog-tibco commented on issue #9196: URL: https://github.com/apache/pulsar/issues/9196#issuecomment-758800292
At least 4 items are considered critical: https://github.com/advisories/GHSA-85cw-hj65-qqv9 https://github.com/advisories/GHSA-h822-r4r5-v8jg https://github.com/advisories/GHSA-gjmw-vf9h-g25v https://github.com/advisories/GHSA-f3j5-rmmp-3fc5 Moving to jackson-databind 2.9.10.5 with what may be a more modest impact (I haven't actually confirmed that) will resolve the critical issues which I think is a big deal. I'm not sure if 2.12 is a drop-in so this might be a reasonable intermediate step. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
