[jira] [Commented] (TINKERPOP-1654) Upgrade to jackson-databind 2.8.6+ in gremlin-shaded

ASF GitHub Bot (JIRA) Thu, 23 Mar 2017 11:46:07 -0700

    [ 
https://issues.apache.org/jira/browse/TINKERPOP-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938997#comment-15938997
 ]


ASF GitHub Bot commented on TINKERPOP-1654:
-------------------------------------------

Github user pluradj commented on the issue:

    https://github.com/apache/tinkerpop/pull/579
  
    Did a build with `mvn clean install && mvn verify -pl gremlin-server 
-DskipIntegrationTests=false` and Docker build with tests on `tp32`. Looks fine.
    
    VOTE: +1


> Upgrade to jackson-databind 2.8.6+ in gremlin-shaded
> ----------------------------------------------------
>
>                 Key: TINKERPOP-1654
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1654
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: io
>    Affects Versions: 3.1.6
>            Reporter: Andy Tolbert
>            Assignee: stephen mallette
>            Priority: Critical
>
> Jackson had a vulnerability that was fixed in 2.8.6 
> ([FasterXML/jackson-core#322|https://github.com/FasterXML/jackson-core/pull/322]).
>   It would be good to upgrade the gremlin-shaded module to depend on a newer 
> version.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (TINKERPOP-1654) Upgrade to jackson-databind 2.8.6+ in gremlin-shaded

Reply via email to