[
https://issues.apache.org/jira/browse/TINKERPOP-2401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Stephen Mallette updated TINKERPOP-2401:
----------------------------------------
Component/s: build-release
Affects Version/s: 3.4.8
> Upgrade Jackson-databind to 2.10.x
> ----------------------------------
>
> Key: TINKERPOP-2401
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2401
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Affects Versions: 3.4.8
> Reporter: Divij Vaidya
> Priority: Major
>
> Currently TinkerPop uses 2.9.10.5 version which has known [security
> vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-42991/version_id-353769/Fasterxml-Jackson-databind-2.9.10.html].
> As per guidance from Jackson-databind, 2.9.x is a non-active branch. To quote
> from https://github.com/FasterXML/jackson
> {quote}2.9: non-active branch from which micro-patch releases (like 2.9.10.5)
> MAY be made for individual components (jackson-databind usually){quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
