[
https://issues.apache.org/jira/browse/SLING-9585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dan Klco resolved SLING-9585.
-----------------------------
Resolution: Fixed
Resolved in
https://github.com/apache/sling-org-apache-sling-starter/commit/e4ad27c7a316d1d1e6057e6658430dfa3e243957
> Update Jackson DataBind
> -----------------------
>
> Key: SLING-9585
> URL: https://issues.apache.org/jira/browse/SLING-9585
> Project: Sling
> Issue Type: Improvement
> Components: Starter
> Affects Versions: Starter 11
> Reporter: Dan Klco
> Assignee: Dan Klco
> Priority: Major
> Fix For: Starter 12
>
>
> The current version of Jackson DataBind packaged in Sling Starter 11 has a
> number of known vulnerabilities and should be updated. This includes critical
> vulnerabilities such as:
> CVE-2019-17267
> CVE-2019-17531
> CVE-2019-14540
> CVE-2019-16335
> The recommendation is to upgrade to 2.9.10.5.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
