We use jackson-databind 2.9.7 but cannot upgrade to 2.9.8 due to the *CVE-2018-19362.* *I do see a bugfix applied into github for 2.9.8 but can't be sure as the CVE does not have this information.* *Can someon confirm for us that this CVE (* *CVE-2018-19362) is fixed in the latest jackson-databind 2.9.8 ?*
*thanks, Penny, Oracle Corp.* -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
