[ https://issues.apache.org/jira/browse/TINKERPOP-2275?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Dale closed TINKERPOP-2275. ---------------------------------- Resolution: Fixed > Update jackson databind 2.9.9.3+ > -------------------------------- > > Key: TINKERPOP-2275 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2275 > Project: TinkerPop > Issue Type: Improvement > Components: io > Affects Versions: 3.3.7, 3.4.2 > Reporter: Robert Dale > Assignee: Robert Dale > Priority: Minor > Labels: security > Fix For: 3.3.9, 3.4.4 > > > > Fixes more gadget vulnerabilities with ehcache and logback in the classpath. > [https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617] > > Note that the fix is in 2.9.9.2. However, that version broke things. Waiting > for 2.9.9.3 to be released. > [https://github.com/FasterXML/jackson-databind/issues/2395] > > TinkerPop is not directly affected hence low priority (let alone that the fix > isn't even available). > -- This message was sent by Atlassian JIRA (v7.6.14#76016)