[
https://issues.apache.org/jira/browse/OAK-12281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18091874#comment-18091874
]
Julian Reschke commented on OAK-12281:
--------------------------------------
What's worse is that 2.19.x is vulnerable by CVE-2026-54514 - and that branch
has no fixes, as opposed to 2.18.x (or that one didn't have the problem in the
first case). Jackson dependencies remain a problem.
> Upgrade jackson-databind dependency to 2.20.2
> ---------------------------------------------
>
> Key: OAK-12281
> URL: https://issues.apache.org/jira/browse/OAK-12281
> Project: Jackrabbit Oak
> Issue Type: Task
> Components: parent
> Reporter: Fabrizio Fortino
> Assignee: Julian Reschke
> Priority: Major
> Fix For: 2.4.0
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)