Very helpful, thank you for your response, our validation folks are firing up all sorts of elaborate tests with 2.9.8 and JDK signatures, but this response helps me get around all of that and pave the way in getting 2.9.8 aboard.... Our developers would like to move to the latest JDK versions (along with the new features) as well. but as you know, when large enterprise software is deployed to huge customers (like US Army, Boeing... examples) they do not look kindly to JDK upgrades ....hence we are also forced to continue with older JDK versions and your support and strategy for the older JDK support tells us about a mature development body in this Open Source initiative...Thanks for the quick responses as well. We will take advantage of the security-related forum as well.
On Wednesday, January 30, 2019 at 3:19:06 PM UTC-8, Penny Wells wrote: > > We use jackson-databind 2.9.7 but cannot upgrade to 2.9.8 due to the > *CVE-2018-19362.* > *I do see a bugfix applied into github for 2.9.8 but can't be sure as the > CVE does not have this information.* > *Can someon confirm for us that this CVE (* > *CVE-2018-19362) is fixed in the latest jackson-databind 2.9.8 ?* > > *thanks, Penny, Oracle Corp.* > -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
