[
https://issues.apache.org/jira/browse/OAK-9479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17372765#comment-17372765
]
Fabrizio Fortino commented on OAK-9479:
---------------------------------------
[~reschke] there could be some issues in oak-search-elastic since the
elasticsearch dependency brings in jackson 2.10.x
Newer versions of elasticsearch are already on jackson 2.12 but upgrading
elastic at the moment is not an option.
An option would be to upgrade oak main pom to jackson 2.12.3 and specifically
use 2.10.5.1 in oak-search-elastic.
> oak-search-elastic: upgrade jackson-databind to 2.10.5.1
> --------------------------------------------------------
>
> Key: OAK-9479
> URL: https://issues.apache.org/jira/browse/OAK-9479
> Project: Jackrabbit Oak
> Issue Type: Task
> Components: elastic-search, search
> Reporter: Fabrizio Fortino
> Assignee: Fabrizio Fortino
> Priority: Major
> Fix For: 1.42.0
>
>
> The current version (2.10.3) is affected by this vulnerability
> https://nvd.nist.gov/vuln/detail/CVE-2020-25649
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
