[jira] [Updated] (ZOOKEEPER-4716) upgrade jackson to 2.15.2, suppress two false positive CVE errors

Mate Szalay-Beko (Jira) Fri, 30 Jun 2023 05:10:04 -0700


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Mate Szalay-Beko updated ZOOKEEPER-4716:
----------------------------------------
    Summary: upgrade jackson to 2.15.2, suppress two false positive CVE errors  
(was: Fix jackson related CVEs: CVE-2022-45688, CVE-2023-35116)

> upgrade jackson to 2.15.2, suppress two false positive CVE errors
> -----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4716
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4716
>             Project: ZooKeeper
>          Issue Type: Improvement
>    Affects Versions: 3.8.1
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>
> {code:java}
> [INFO] Finished at: 2023-06-30T13:23:38+02:00 
> [INFO] 
> ------------------------------------------------------------------------ 
> [ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check 
> (default-cli) on project zookeeper: 
> [ERROR] 
> [ERROR] One or more dependencies were identified with vulnerabilities that 
> have a CVSS score greater than or equal to '0.0': 
> [ERROR] 
> [ERROR] jackson-core-2.13.4.jar: CVE-2022-45688(7.5) 
> [ERROR] jackson-databind-2.13.4.2.jar: CVE-2023-35116(7.5)
>  {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (ZOOKEEPER-4716) upgrade jackson to 2.15.2, suppress two false positive CVE errors

Reply via email to