[ https://issues.apache.org/jira/browse/ZOOKEEPER-3442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enrico Olivelli updated ZOOKEEPER-3442: --------------------------------------- Fix Version/s: (was: 3.5.6) (was: 3.4.15) (was: 3.6.0) > OWASP jenkins failing due to jackson databind CVE published > ----------------------------------------------------------- > > Key: ZOOKEEPER-3442 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3442 > Project: ZooKeeper > Issue Type: Bug > Affects Versions: 3.6.0, 3.5.5, 3.4.14 > Reporter: Patrick Hunt > Priority: Blocker > > The OWASP job is failing due to a medium priority jackson databind issue. > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814 > we should upgrade the dependency version - I looked into the issue, should be > straightforward, however the new dependency (2.9.9.1) is not yet available > from the upstream. Once it is we should upgrade. -- This message was sent by Atlassian Jira (v8.3.2#803003)