[
https://issues.apache.org/jira/browse/WW-5038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16924749#comment-16924749
]
ASF GitHub Bot commented on WW-5038:
------------------------------------
yasserzamani commented on pull request #365: [WW-5038] Upgrades
jackson-databind to version 2.9.9.3
URL: https://github.com/apache/struts/pull/365
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Upgrade jackson-databind to version 2.9.9.3
> -------------------------------------------
>
> Key: WW-5038
> URL: https://issues.apache.org/jira/browse/WW-5038
> Project: Struts 2
> Issue Type: Dependency
> Components: Plugin - REST
> Reporter: Lukasz Lenart
> Priority: Minor
> Fix For: 2.5.21, 2.6
>
>
> One or more dependencies were identified with known vulnerabilities in Struts
> 2 REST Plugin:
> jackson-databind-2.9.8.jar (cpe:/a:fasterxml:jackson:2.9.8,
> cpe:/a:fasterxml:jackson-databind:2.9.8,
> com.fasterxml.jackson.core:jackson-databind:2.9.8) : CVE-2019-14379,
> CVE-2019-12814, CVE-2019-14439, CVE-2019-12086, CVE-2019-12384
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
