[jira] [Commented] (JENA-1696) Update jsonld-java and its Jackson dependencies

ASF subversion and git services (JIRA) Fri, 29 Mar 2019 03:05:16 -0700


    [ 
https://issues.apache.org/jira/browse/JENA-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16804766#comment-16804766
 ]


ASF subversion and git services commented on JENA-1696:
-------------------------------------------------------

Commit 642d647d9040b07a86a8bb5bbfc0175c73e2422b in jena's branch 
refs/heads/master from Andy Seaborne
[ https://gitbox.apache.org/repos/asf?p=jena.git;h=642d647 ]

Merge pull request #549 from afs/jackson-update

JENA-1696: Control of jackson versions. Update jsonld-java

> Update jsonld-java and its Jackson dependencies
> -----------------------------------------------
>
>                 Key: JENA-1696
>                 URL: https://issues.apache.org/jira/browse/JENA-1696
>             Project: Apache Jena
>          Issue Type: Task
>    Affects Versions: Jena 3.10.0
>            Reporter: Andy Seaborne
>            Assignee: Andy Seaborne
>            Priority: Major
>             Fix For: Jena 3.11.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Jackson databind has been a source security CVE issues.
> While jsonld-java does not appear to depend on the attacked feature 
> (polymorphic binding), the presense of jackson jars with CVEs cause alters 
> from security scanning tools.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (JENA-1696) Update jsonld-java and its Jackson dependencies

Reply via email to