[ https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295041#comment-16295041 ]
Larry McCay commented on KNOX-1145: ----------------------------------- Agreed, +1 to push at will. :) > Upgrade Jackson due to CVE-2017-7525 > ------------------------------------ > > Key: KNOX-1145 > URL: https://issues.apache.org/jira/browse/KNOX-1145 > Project: Apache Knox > Issue Type: Improvement > Reporter: Colm O hEigeartaigh > Assignee: Colm O hEigeartaigh > Fix For: 1.0.0 > > Attachments: KNOX-1145.patch > > > Apache Knox currently ships the Jackson databind jar version 2.2.2. However, > there is a security advisory CVE-2017-7525 released for this component: > https://github.com/FasterXML/jackson-databind/issues/1599 > We should upgrade Jackson to pick this fix up. -- This message was sent by Atlassian JIRA (v6.4.14#64029)