[ https://issues.apache.org/jira/browse/TINKERPOP-2948?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17721547#comment-17721547 ]
ASF GitHub Bot commented on TINKERPOP-2948: ------------------------------------------- codecov-commenter commented on PR #2061: URL: https://github.com/apache/tinkerpop/pull/2061#issuecomment-1542785683 ## [Codecov](https://app.codecov.io/gh/apache/tinkerpop/pull/2061?src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) Report > Merging [#2061](https://app.codecov.io/gh/apache/tinkerpop/pull/2061?src=pr&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (311cd8d) into [3.5-dev](https://app.codecov.io/gh/apache/tinkerpop/commit/2ee47f203ffa76b9c0c466bd8ba291010afdd831?el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) (2ee47f2) will **decrease** coverage by `5.14%`. > The diff coverage is `n/a`. ```diff @@ Coverage Diff @@ ## 3.5-dev #2061 +/- ## ============================================= - Coverage 69.38% 64.24% -5.14% ============================================= Files 866 25 -841 Lines 41251 3759 -37492 Branches 5442 0 -5442 ============================================= - Hits 28621 2415 -26206 + Misses 10719 1166 -9553 + Partials 1911 178 -1733 ``` [see 841 files with indirect coverage changes](https://app.codecov.io/gh/apache/tinkerpop/pull/2061/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) :mega: We’re building smart automated test selection to slash your CI/CD build times. [Learn more](https://about.codecov.io/iterative-testing/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=The+Apache+Software+Foundation) > PRISMA security vulnerabilty for jackson-databind 2.14.0 > -------------------------------------------------------- > > Key: TINKERPOP-2948 > URL: https://issues.apache.org/jira/browse/TINKERPOP-2948 > Project: TinkerPop > Issue Type: Bug > Components: server > Affects Versions: 3.6.3, 3.5.6 > Reporter: Aaron Coady > Priority: Major > > > h1. PRISMA-2023-0067 logged against jackson-databind 2.14.0 > [https://github.com/FasterXML/jackson-core/pull/827] > > com.fasterxml.jackson.core_jackson-core package versions before 2.15.0 are > vulnerable to Denial of Service (DoS). The package does not properly restrict > the size or amount of resources that are requested or influenced by an actor, > which can be used to consume more resources than intended and leads to > Uncontrolled Resource Consumption ('Resource Exhaustion') -- This message was sent by Atlassian Jira (v8.20.10#820010)