[jira] [Created] (CURATOR-552) Update jackson-databind dependencies

Vladimir Pligin (Jira) Thu, 19 Dec 2019 07:11:32 -0800

Vladimir Pligin created CURATOR-552:
---------------------------------------


             Summary: Update jackson-databind dependencies
                 Key: CURATOR-552
                 URL: https://issues.apache.org/jira/browse/CURATOR-552
             Project: Apache Curator
          Issue Type: Bug
          Components: General
    Affects Versions: 4.2.0
            Reporter: Vladimir Pligin
             Fix For: TBD


There are some CVE reports related to 2.9.8 and 2.9.9 versions, for example:
* 
[CVE-2019-14379|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14379]
* 
[CVE-2019-17267|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17267]
* 
[CVE-2019-16335|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16335]
* 
[CVE-2019-14540|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14540]
* 
[CVE-2019-16943|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16943]
* 
[CVE-2019-16942|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16942]
* 
[CVE-2019-17531|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17531]
* 
[CVE-2019-14439|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14439]
* 
[CVE-2019-12086|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12086]
* 
[CVE-2019-12814|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814]
* 
[CVE-2019-12384|https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12384]

Most of them suggest to update to the 2.9.10 version.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (CURATOR-552) Update jackson-databind dependencies

Reply via email to