[Bug 63655] New: Please update dependency of jackson-databind and apache-tika

bugzilla Fri, 09 Aug 2019 07:58:40 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=63655


            Bug ID: 63655
           Summary: Please update dependency of jackson-databind and
                    apache-tika
           Product: JMeter
           Version: 5.1.1
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Main
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: JMETER_5.2

Hello,

please update these two dependencies to the latest versions to fix some
problems.

* com.fasterxml.jackson.core:jackson-databind to 2.9.9.3
multiple problems compared to current 2.9.9
CVE-2019-14379 - https://github.com/FasterXML/jackson-databind/issues/2387
CVE-2019-12384 - https://github.com/FasterXML/jackson-databind/issues/2334
CVE-2019-12814 - https://github.com/FasterXML/jackson-databind/issues/2341


* org.apache.tika:tika-core to 1.22 (fix CVE-2019-10094)
   Mailing-list description of problem:
https://lists.apache.org/thread.html/fe876a649d9d36525dd097fe87ff4dcb3b82bb0fbb3a3d71fb72ef61@<dev.tika.apache.org>

We are using these replacements libs for some days with noticing problems (but
these are no real extensive tests)

Thanks,
Stefan Seide

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 63655] New: Please update dependency of jackson-databind and apache-tika

Reply via email to