[
https://issues.apache.org/jira/browse/TINKERPOP-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938239#comment-15938239
]
ASF GitHub Bot commented on TINKERPOP-1654:
-------------------------------------------
GitHub user spmallette opened a pull request:
https://github.com/apache/tinkerpop/pull/579
TINKERPOP-1654 Bumped to Jackson 2.8.7
https://issues.apache.org/jira/browse/TINKERPOP-1654
Did a build with `mvn clean install && mvn verify -pl gremlin-server
-DskipIntegrationTests=false` but expect to do a full build with docker for all
branches this merges too after vote.
VOTE +1
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/apache/tinkerpop TINKERPOP-1654
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/tinkerpop/pull/579.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #579
----
commit d098b141d6aedaf4ee436f2637ae5ca8bab81be5
Author: Stephen Mallette <[email protected]>
Date: 2017-03-23T12:58:37Z
TINKERPOP-1654 Bumped to Jackson 2.8.7
----
> Upgrade to jackson-databind 2.8.6+ in gremlin-shaded
> ----------------------------------------------------
>
> Key: TINKERPOP-1654
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1654
> Project: TinkerPop
> Issue Type: Improvement
> Components: io
> Affects Versions: 3.1.6
> Reporter: Andy Tolbert
> Assignee: stephen mallette
> Priority: Critical
>
> Jackson had a vulnerability that was fixed in 2.8.6
> ([FasterXML/jackson-core#322|https://github.com/FasterXML/jackson-core/pull/322]).
> It would be good to upgrade the gremlin-shaded module to depend on a newer
> version.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
