[
https://issues.apache.org/jira/browse/TINKERPOP-2016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16566186#comment-16566186
]
ASF GitHub Bot commented on TINKERPOP-2016:
-------------------------------------------
GitHub user robertdale opened a pull request:
https://github.com/apache/tinkerpop/pull/904
TINKERPOP-2016 Bumped to Jackson 2.9.6
https://issues.apache.org/jira/browse/TINKERPOP-2016
Bumped to Jackson 2.9.6 for CVE.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/apache/tinkerpop TINKERPOP-2016
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/tinkerpop/pull/904.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #904
----
commit 1829318f6bfce1bc360818c6a0c34492fa69ec9a
Author: Robert Dale <robdale@...>
Date: 2018-08-02T00:02:14Z
TINKERPOP-2016 Bumped to Jackson 2.9.6
----
> Upgrade Jackson FasterXML to 2.9.5 or later to fix security vulnerability
> -------------------------------------------------------------------------
>
> Key: TINKERPOP-2016
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2016
> Project: TinkerPop
> Issue Type: Bug
> Affects Versions: 3.3.3, 3.2.9
> Reporter: Luke Daugherty
> Assignee: Robert Dale
> Priority: Major
> Labels: security
>
> The jackson libraries included in groovy-shaded-3.3.3 have a CVE reported
> against them so the library is reported as High risk by vulnerability
> scanners such as Nexus.
> *[CVE-2018-7489|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7489]*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
