[
https://issues.apache.org/jira/browse/SOLR-16443?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652134#comment-17652134
]
ASF subversion and git services commented on SOLR-16443:
--------------------------------------------------------
Commit 41b41f04d304f45241240e48f06b42c1629b5423 in solr's branch
refs/heads/branch_9_1 from Kevin Risden
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=41b41f04d30 ]
SOLR-16443: Upgrade Jackson bom to 2.13.4.20221013 (#1106)
> Upgrade Jackson bom to 2.13.4.20221013
> --------------------------------------
>
> Key: SOLR-16443
> URL: https://issues.apache.org/jira/browse/SOLR-16443
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Affects Versions: 8.11.2, 9.1
> Reporter: Nicolò Mendola
> Assignee: Kevin Risden
> Priority: Minor
> Fix For: main (10.0), 9.2
>
>
> Due to actual jackson-databind cve listing CVE-2022-42004 and CVE-2022-42003
> the Libary should be updated.
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42004]
> https://nvd.nist.gov/vuln/detail/CVE-2022-42003
>
> Perhaps for version 9.1.0 as well as 8.11.2?
> Best Regards
> h4.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
