Hi everyone, The Dropwizard team has just released maintenance releases 1.2.9 and 1.3.6. They a fix a serious DoS attack vulnerability in Jackson https://github.com/FasterXML/jackson-databind/issues/2141. The attacker can easily bring the server down if you deserialize dates from JSON. See https://github.com/dropwizard/dropwizard/pull/2511 for the details.
We strongly advice everyone to upgrade as soon as possible. Artem on behalf of the Dropwizard team -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
