That is exactly correct ... thank you .. On Wednesday, January 30, 2019 at 10:20:34 PM UTC-8, Laird Nelson wrote: > > In fairness to the original poster, some of us at certain maybe mutual > large corporations might be subject to their inflexible mysterious tone > deaf baffling legal-department-instigated restrictions and wish very > strongly we could change them, but we know better, so we might ask the > questions we are required to ask, while cringing inside, and hoping we > aren’t judged too harshly by those who can plainly view all the > absurdities. I speak hypothetically of course. > > Best, > Laird > > On Wed, Jan 30, 2019 at 5:09 PM Tatu Saloranta <[email protected] > <javascript:>> wrote: > >> On Wed, Jan 30, 2019 at 3:19 PM Penny Wells <[email protected] >> <javascript:>> wrote: >> > >> > We use jackson-databind 2.9.7 but cannot upgrade to 2.9.8 due to the >> CVE-2018-19362. >> > I do see a bugfix applied into github for 2.9.8 but can't be sure as >> the CVE does not have this information. >> > Can someon confirm for us that this CVE (CVE-2018-19362) is fixed in >> the latest jackson-databind 2.9.8 ? >> > thanks, Penny, Oracle Corp. >> >> I am bit hurt by your distrust of actual developers' information, as >> opposed to some CVE tracker somewhere that has little idea of what >> goes into which release :-o >> >> But, yes, fix to that CVE is in 2.9.8, as per official Release Notes: >> >> https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 >> >> and linked to Github issue >> >> https://github.com/FasterXML/jackson-databind/issues/2186 >> >> which are canonical definitions of where fixes go. >> >> -+ Tatu +- >> >> ps. Pox on security scan tools and their makers who make money by >> essential spreading FUD and misinformation. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "jackson-user" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> >
-- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
