[jira] [Commented] (CURATOR-481) Remove jackson-mapper-asl-version and update to latest version of jackson

ASF GitHub Bot (JIRA) Sun, 09 Dec 2018 14:53:46 -0800


    [ 
https://issues.apache.org/jira/browse/CURATOR-481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16714148#comment-16714148
 ]


ASF GitHub Bot commented on CURATOR-481:
----------------------------------------

Github user cammckenzie commented on the issue:

    https://github.com/apache/curator/pull/280
  
    @Max-Pudov @matobet 
    Guys, any thoughts about backward compatibility issues?


> Remove jackson-mapper-asl-version and update to latest version of jackson
> -------------------------------------------------------------------------
>
>                 Key: CURATOR-481
>                 URL: https://issues.apache.org/jira/browse/CURATOR-481
>             Project: Apache Curator
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 2.3.0
>            Reporter: Maxim Pudov
>            Priority: Major
>             Fix For: 4.1.0
>
>
> There is a vulnerability issue in jackson-mapper-asl-version 1.9.13 and it is 
> no longer supported. The same issue was present in jackson-databind till 
> version 2.7.9.1.
> [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525]
> We already have a dependency on jackson 2.x. Let's replace jackson-mapper-asl 
> with jackson-databind and update jackson to the latest version.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CURATOR-481) Remove jackson-mapper-asl-version and update to latest version of jackson

Reply via email to