[jira] [Commented] (STREAMS-682) upgrade jackson again - many more CVEs reported

PJ Fanning (Jira) Wed, 17 Aug 2022 15:04:43 -0700


    [ 
https://issues.apache.org/jira/browse/STREAMS-682?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17581042#comment-17581042
 ]


PJ Fanning commented on STREAMS-682:
------------------------------------

A new CVE was reported since I logged this. 2.13.3 would be cool if there are 
no side effects. 2.12.7 also has all the security fixes.

> upgrade jackson again - many more CVEs reported
> -----------------------------------------------
>
>                 Key: STREAMS-682
>                 URL: https://issues.apache.org/jira/browse/STREAMS-682
>             Project: Streams
>          Issue Type: Improvement
>            Reporter: PJ Fanning
>            Priority: Major
>
> Ideally to latest version 2.13.1 but 2.9.10.8 is also CVE free.
> https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (STREAMS-682) upgrade jackson again - many more CVEs reported

Reply via email to