On Thu, Dec 20, 2018 at 9:08 AM garvit singh <[email protected]> wrote: > > github security alert shows these CVEs for jackson-databind 2.7.9.4
That would also contain fixes yes. Github issues I listed should contain accurate information of inclusion. -+ Tatu +- > > On Tuesday, December 11, 2018 at 10:10:15 PM UTC-5, Tatu Saloranta wrote: >> >> On Tue, Dec 11, 2018 at 7:04 PM garvit singh <[email protected]> wrote: >> > >> > Hello, >> > >> > jackson-databind-2.6.7.2 >> > >> > >> > does it have fix for >> > >> > CVE-2018-7489 >> > CVE-2017-17485 >> >> No; these are Jackson-databind issues #1931 (CVE-2018-7489) and #1855 >> (CVE-2017-17485), >> and only included in patches for 2.7(.9.3) and later. >> >> -+ Tatu +- >> >> > >> > >> > -garvit >> > >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "jackson-user" group. >> > To unsubscribe from this group and stop receiving emails from it, send an >> > email to [email protected]. >> > To post to this group, send email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "jackson-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
