In fairness to the original poster, some of us at certain maybe mutual large corporations might be subject to their inflexible mysterious tone deaf baffling legal-department-instigated restrictions and wish very strongly we could change them, but we know better, so we might ask the questions we are required to ask, while cringing inside, and hoping we aren’t judged too harshly by those who can plainly view all the absurdities. I speak hypothetically of course.
Best, Laird On Wed, Jan 30, 2019 at 5:09 PM Tatu Saloranta <[email protected]> wrote: > On Wed, Jan 30, 2019 at 3:19 PM Penny Wells <[email protected]> > wrote: > > > > We use jackson-databind 2.9.7 but cannot upgrade to 2.9.8 due to the > CVE-2018-19362. > > I do see a bugfix applied into github for 2.9.8 but can't be sure as the > CVE does not have this information. > > Can someon confirm for us that this CVE (CVE-2018-19362) is fixed in the > latest jackson-databind 2.9.8 ? > > thanks, Penny, Oracle Corp. > > I am bit hurt by your distrust of actual developers' information, as > opposed to some CVE tracker somewhere that has little idea of what > goes into which release :-o > > But, yes, fix to that CVE is in 2.9.8, as per official Release Notes: > > https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 > > and linked to Github issue > > https://github.com/FasterXML/jackson-databind/issues/2186 > > which are canonical definitions of where fixes go. > > -+ Tatu +- > > ps. Pox on security scan tools and their makers who make money by > essential spreading FUD and misinformation. > > -- > You received this message because you are subscribed to the Google Groups > "jackson-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
