@Martin Perina <mper...@redhat.com> can you help here?

On Thu, Sep 14, 2023 at 23:44, Shubha Kulkarni <shubha.kulka...@oracle.com> wrote:
> Hi All
>
> I am yet to get any feedback on my query. So I thought I will reach out
> again to see if anyone has a comment on this -
>
> Background:
>
> I see the commit for CVE-2020-36518 to vdsm-json-rpc to bump jackson
> version to 2.12.7
>
> https://github.com/oVirt/vdsm-jsonrpc-java/commit/d1f423809fd491da7b5324b308dac896ded645a7
>
> This change is only made in pom.xml and is made with "default" scope (i.e.
> compile).
>
> Queries:
>
> #1. So at runtime, that means this jar should be explicitly packaged
> somewhere else. I am wondering how this newer jackson jar is picked up?
> Does it have anything to do with the change outside pom.xml that I don't
> see?
>
> #2. Ideally, I would like to verify that vdsm-jsonrpc-java application is
> using jackson-core 2.12.7 and jackson-databind 2.12.7-1 when installed on
> engine system. What is the best way to do it?
>
> Thanks
>
> *From:* Shubha Kulkarni
> *Sent:* Thursday, September 7, 2023 1:47 PM
> *To:* devel@ovirt.org
> *Subject:* Jackson-databind related changes
>
> Hello!
>
> There have been changes added to ovirt-engine and vdsm-jsonrpc-java repos
> to address security vulnerabilities in jackson-databind package. I see that
> the change is made to bump up version of jackson-databind package to
> 2.12.7.1.
>
> I am wondering what is the rpm version for ovirt-engine and
> vdsm-jsonrpc-java that has these fixes? Also, I am curious what is the best
> way to validate these changes?
>
> Thanks,
>
> Shubha
> _______________________________________________
> Devel mailing list -- devel@ovirt.org
> To unsubscribe send an email to devel-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/UDIWOPJMWDCRB53I7P7H2YA7MUEY3QMX/

--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING
Red Hat In-Vehicle Operating System
Red Hat EMEA <https://www.redhat.com/>

*Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.*