[jira] [Commented] (AMQ-7320) Upgrade to Jackson 2.9.10.2

Colm O hEigeartaigh (Jira) Wed, 19 Feb 2020 23:34:30 -0800


    [ 
https://issues.apache.org/jira/browse/AMQ-7320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17040721#comment-17040721
 ]


Colm O hEigeartaigh commented on AMQ-7320:
------------------------------------------

There is another CVE coming in 2.9.10.3, but it's not out yet: 
https://github.com/FasterXML/jackson-databind/issues/2620

> Upgrade to Jackson 2.9.10.2
> ---------------------------
>
>                 Key: AMQ-7320
>                 URL: https://issues.apache.org/jira/browse/AMQ-7320
>             Project: ActiveMQ
>          Issue Type: Task
>          Components: Broker, Web Console
>            Reporter: Jean-Baptiste Onofré
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 5.16.0, 5.15.12
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> In order to fix new CVE, we have to update to Jackson 2.10.0.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (AMQ-7320) Upgrade to Jackson 2.9.10.2

Reply via email to