[
https://issues.apache.org/jira/browse/CURATOR-481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16683022#comment-16683022
]
ASF GitHub Bot commented on CURATOR-481:
----------------------------------------
Github user cammckenzie commented on the issue:
https://github.com/apache/curator/pull/280
It looks OK to me, but my knowledge of this section of Curator is very
limited. @Randgalt do you have any thoughts on this? If not, I'll merge.
> Remove jackson-mapper-asl-version and update to latest version of jackson
> -------------------------------------------------------------------------
>
> Key: CURATOR-481
> URL: https://issues.apache.org/jira/browse/CURATOR-481
> Project: Apache Curator
> Issue Type: Bug
> Components: General
> Affects Versions: 2.3.0
> Reporter: Maxim Pudov
> Priority: Major
> Fix For: 4.1.0
>
>
> There is a vulnerability issue in jackson-mapper-asl-version 1.9.13 and it is
> no longer supported. The same issue was present in jackson-databind till
> version 2.7.9.1.
> [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525]
> We already have a dependency on jackson 2.x. Let's replace jackson-mapper-asl
> with jackson-databind and update jackson to the latest version.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
