[jira] [Commented] (TINKERPOP-2809) High severity security vulnerability found in jackson databind

Yang Xia (Jira) Mon, 07 Nov 2022 12:36:05 -0800


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17630018#comment-17630018
 ]


Yang Xia commented on TINKERPOP-2809:
-------------------------------------

It looks like 2.14.0 just came out on Nov 5 
(https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.14.0),
 should we bump to that version instead? 

> High severity security vulnerability found in jackson databind
> --------------------------------------------------------------
>
>                 Key: TINKERPOP-2809
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2809
>             Project: TinkerPop
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.6.1
>            Reporter: Aaron Coady
>            Priority: Major
>
> Two High security vulnerabilities in jackson databind. Here are the two 
> links. 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42003]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42004]
> Fixes are in 2.14.0



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TINKERPOP-2809) High severity security vulnerability found in jackson databind

Reply via email to