[ https://issues.apache.org/jira/browse/IGNITE-13601?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maxim Muzafarov updated IGNITE-13601:
-------------------------------------
    Priority: Blocker  (was: Critical)

> Ignite-rest-http and ignite-kubernetes include vulnerable dependencies
> ----------------------------------------------------------------------
>
>                 Key: IGNITE-13601
>                 URL: https://issues.apache.org/jira/browse/IGNITE-13601
>             Project: Ignite
>          Issue Type: Bug
>          Components: rest
>    Affects Versions: 2.8.1
>            Reporter: Andrew Story
>            Priority: Blocker
>              Labels: 2.9.1-rc
>             Fix For: 2.10
>
>
> The ignite-rest-http and ignite-kubernetes modules include a vulnerable
> version of the jackson-databind library. This was spotted in 2.8.1.
> This component jackson-databind-2.9.6.jar is flagged as having numerous
> critical, high and medium security vulnerabilities, one of which is
> described here:
> [https://nvd.nist.gov/vuln/detail/CVE-2019-14540]
> More here:
> [http://apache-ignite-users.70518.x6.nabble.com/Critical-security-vulnerability-for-opt-ignite-apache-ignite-libs-optional-ignite-rest-http-jackson-r-td34032.html]
>

--
This message was sent by Atlassian Jira (v8.3.4#803005)