[
https://issues.apache.org/jira/browse/TINKERPOP-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15945491#comment-15945491
]
ASF GitHub Bot commented on TINKERPOP-1654:
-------------------------------------------
Github user spmallette commented on the issue:
https://github.com/apache/tinkerpop/pull/586
thank you - getting this tested/merged now.
> Upgrade to jackson-databind 2.8.6+ in gremlin-shaded
> ----------------------------------------------------
>
> Key: TINKERPOP-1654
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1654
> Project: TinkerPop
> Issue Type: Improvement
> Components: io
> Affects Versions: 3.1.6
> Reporter: Andy Tolbert
> Assignee: stephen mallette
> Priority: Critical
>
> Jackson had a vulnerability that was fixed in 2.8.6
> ([FasterXML/jackson-core#322|https://github.com/FasterXML/jackson-core/pull/322]).
> It would be good to upgrade the gremlin-shaded module to depend on a newer
> version.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
