People with differing experiences/opinions just had a cordial dialog on the internet. I think you all deserve a round of high fives and group hugs.
--Erik On Thu, Jan 31, 2019 at 3:26 PM Penny Wells <[email protected]> wrote: > That is exactly correct ... thank you .. > > On Wednesday, January 30, 2019 at 10:20:34 PM UTC-8, Laird Nelson wrote: >> >> In fairness to the original poster, some of us at certain maybe mutual >> large corporations might be subject to their inflexible mysterious tone >> deaf baffling legal-department-instigated restrictions and wish very >> strongly we could change them, but we know better, so we might ask the >> questions we are required to ask, while cringing inside, and hoping we >> aren’t judged too harshly by those who can plainly view all the >> absurdities. I speak hypothetically of course. >> >> Best, >> Laird >> >> On Wed, Jan 30, 2019 at 5:09 PM Tatu Saloranta <[email protected]> >> wrote: >> >>> On Wed, Jan 30, 2019 at 3:19 PM Penny Wells <[email protected]> >>> wrote: >>> > >>> > We use jackson-databind 2.9.7 but cannot upgrade to 2.9.8 due to the >>> CVE-2018-19362. >>> > I do see a bugfix applied into github for 2.9.8 but can't be sure as >>> the CVE does not have this information. >>> > Can someon confirm for us that this CVE (CVE-2018-19362) is fixed in >>> the latest jackson-databind 2.9.8 ? >>> > thanks, Penny, Oracle Corp. >>> >>> I am bit hurt by your distrust of actual developers' information, as >>> opposed to some CVE tracker somewhere that has little idea of what >>> goes into which release :-o >>> >>> But, yes, fix to that CVE is in 2.9.8, as per official Release Notes: >>> >>> https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.8 >>> >>> and linked to Github issue >>> >>> https://github.com/FasterXML/jackson-databind/issues/2186 >>> >>> which are canonical definitions of where fixes go. >>> >>> -+ Tatu +- >>> >>> ps. Pox on security scan tools and their makers who make money by >>> essential spreading FUD and misinformation. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "jackson-user" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > You received this message because you are subscribed to the Google Groups > "jackson-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
