[jira] [Commented] (JENA-1696) Update jsonld-java and its Jackson dependencies

ASF subversion and git services (JIRA) Fri, 29 Mar 2019 03:05:57 -0700


    [ 
https://issues.apache.org/jira/browse/JENA-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16804765#comment-16804765
 ]


ASF subversion and git services commented on JENA-1696:
-------------------------------------------------------

Commit d8c73666197ba1534839281260925ff4f55df959 in jena's branch 
refs/heads/master from Andy Seaborne
[ https://gitbox.apache.org/repos/asf?p=jena.git;h=d8c7366 ]

JENA-1696: Control of jackson versions. Update jsonld-java


> Update jsonld-java and its Jackson dependencies
> -----------------------------------------------
>
>                 Key: JENA-1696
>                 URL: https://issues.apache.org/jira/browse/JENA-1696
>             Project: Apache Jena
>          Issue Type: Task
>    Affects Versions: Jena 3.10.0
>            Reporter: Andy Seaborne
>            Assignee: Andy Seaborne
>            Priority: Major
>             Fix For: Jena 3.11.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Jackson databind has been a source security CVE issues.
> While jsonld-java does not appear to depend on the attacked feature 
> (polymorphic binding), the presense of jackson jars with CVEs cause alters 
> from security scanning tools.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (JENA-1696) Update jsonld-java and its Jackson dependencies

Reply via email to