[ 
https://issues.apache.org/jira/browse/OAK-12281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091874#comment-18091874
 ] 

Julian Reschke commented on OAK-12281:
--------------------------------------

What's worse is that 2.19.x is vulnerable by CVE-2026-54514 - and that branch 
has no fixes, as opposed to 2.18.x (or that one didn't have the problem in the 
first case). Jackson dependencies remain a problem.

> Upgrade jackson-databind dependency to 2.20.2
> ---------------------------------------------
>
>                 Key: OAK-12281
>                 URL: https://issues.apache.org/jira/browse/OAK-12281
>             Project: Jackrabbit Oak
>          Issue Type: Task
>          Components: parent
>            Reporter: Fabrizio Fortino
>            Assignee: Julian Reschke
>            Priority: Major
>             Fix For: 2.4.0
>
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to