[jira] [Commented] (CURATOR-481) Remove jackson-mapper-asl-version and update to latest version of jackson

ASF GitHub Bot (JIRA) Sun, 20 Jan 2019 21:26:34 -0800


    [ 
https://issues.apache.org/jira/browse/CURATOR-481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16747668#comment-16747668
 ]


ASF GitHub Bot commented on CURATOR-481:
----------------------------------------

Github user leventov commented on the issue:

    https://github.com/apache/curator/pull/280
  
    @Randgalt @cammckenzie I believe such update is safe. See #301.


> Remove jackson-mapper-asl-version and update to latest version of jackson
> -------------------------------------------------------------------------
>
>                 Key: CURATOR-481
>                 URL: https://issues.apache.org/jira/browse/CURATOR-481
>             Project: Apache Curator
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 2.3.0
>            Reporter: Maxim Pudov
>            Priority: Major
>             Fix For: TBD
>
>
> There is a vulnerability issue in jackson-mapper-asl-version 1.9.13 and it is 
> no longer supported. The same issue was present in jackson-databind till 
> version 2.7.9.1.
> [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525]
> We already have a dependency on jackson 2.x. Let's replace jackson-mapper-asl 
> with jackson-databind and update jackson to the latest version.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (CURATOR-481) Remove jackson-mapper-asl-version and update to latest version of jackson

Reply via email to