[ https://issues.apache.org/jira/browse/TOMEE-3856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518612#comment-17518612 ]
Yugandher reddy vonteddu commented on TOMEE-3856:
-------------------------------------------------
Hello [~cesarhernandezgt]
It seems that jackson 2.13.2 still has the [vulnerability|https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.13.2],
which was later fixed in 2.13.2.1. Can you confirm whether it's been taken care of, or
does this ticket need to be reopened?
Better to switch directly to 2.13.2.2 because of the issue specified here:
[https://github.com/FasterXML/jackson-databind/issues/2816]
Vulnerability info links:
[https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.13.2]
[https://nvd.nist.gov/vuln/detail/CVE-2020-36518]
Thanks
Yugandher
> Upgrade to jackson 2.13.2
> -------------------------
>
> Key: TOMEE-3856
> URL: https://issues.apache.org/jira/browse/TOMEE-3856
> Project: TomEE
> Issue Type: Dependency upgrade
> Affects Versions: 8.0.10
> Reporter: Cesar Hernandez
> Assignee: Cesar Hernandez
> Priority: Major
> Labels: CVE
> Fix For: 8.0.11
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)