[
https://issues.apache.org/jira/browse/TINKERPOP-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945250#comment-15945250
]
ASF GitHub Bot commented on TINKERPOP-1654:
-------------------------------------------
GitHub user newkek opened a pull request:
https://github.com/apache/tinkerpop/pull/586
TINKERPOP-1654: use deserializatinoContext in `typeFromId()`.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/newkek/incubator-tinkerpop
TINKERPOP-1654-tp32-newkek
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/tinkerpop/pull/586.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #586
----
commit ad268ef4f784d8de0be7650e93e6ab750e3010d5
Author: Kevin Gallardo <[email protected]>
Date: 2017-03-28T14:10:14Z
TINKERPOP-1654: use deserializatinoContext in `typeFromId()`.
----
> Upgrade to jackson-databind 2.8.6+ in gremlin-shaded
> ----------------------------------------------------
>
> Key: TINKERPOP-1654
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1654
> Project: TinkerPop
> Issue Type: Improvement
> Components: io
> Affects Versions: 3.1.6
> Reporter: Andy Tolbert
> Assignee: stephen mallette
> Priority: Critical
>
> Jackson had a vulnerability that was fixed in 2.8.6
> ([FasterXML/jackson-core#322|https://github.com/FasterXML/jackson-core/pull/322]).
> It would be good to upgrade the gremlin-shaded module to depend on a newer
> version.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
