Hi Grzegorz,
Is there any updated for this issue?
We may need a JIRA to track this kind of issue.
Willem Jiang
Blog: http://willemjiang.blogspot.com (English)
http://jnn.iteye.com (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem
On Tue, Apr 17, 2018 at 3:04 PM, Grzegorz Grzybek
wrote
Hello
> It may look like Jackson has not provided CVE fixes for these reports
> on their 2.8.x versions. That version is what is in use for Camel
> 2.20.x and 2.21.x and therefore its more tricky to do something about
> it. Camel users can try to switch to use Jackson 2.9.5 with their
> Camel 2.2
Hi David
Thanks for bringing this to our attention.
The 1st issue
https://nvd.nist.gov/vuln/detail/CVE-2018-7489
Seems to only be applicable if you have spring JARs on the classpath
which some Camel users may have.
The 2nd issue
https://nvd.nist.gov/vuln/detail/CVE-2018-7489
Seems to only be