[jira] [Closed] (TINKERPOP-2401) Upgrade Jackson-databind to 2.11.x

Stephen Mallette (Jira) Thu, 10 Sep 2020 05:29:23 -0700


     [ 
https://issues.apache.org/jira/browse/TINKERPOP-2401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Stephen Mallette closed TINKERPOP-2401.
---------------------------------------
    Fix Version/s: 3.4.9
                   3.5.0
       Resolution: Done

> Upgrade Jackson-databind to 2.11.x
> ----------------------------------
>
>                 Key: TINKERPOP-2401
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2401
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: build-release
>    Affects Versions: 3.4.8
>            Reporter: Divij Vaidya
>            Assignee: Stephen Mallette
>            Priority: Major
>             Fix For: 3.5.0, 3.4.9
>
>
> Currently TinkerPop uses 2.9.10.5 version which has known [security 
> vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-42991/version_id-353769/Fasterxml-Jackson-databind-2.9.10.html].
> As per guidance from Jackson-databind, 2.9.x is a non-active branch. To quote 
> from https://github.com/FasterXML/jackson
> {quote}2.9: non-active branch from which micro-patch releases (like 2.9.10.5) 
> MAY be made for individual components (jackson-databind usually){quote}
> Backport 2.11.x from master to 3.4-dev



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Closed] (TINKERPOP-2401) Upgrade Jackson-databind to 2.11.x

Reply via email to