curator-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CURATOR-481) Remove jackson-mapper-asl-version and update to latest version of jackson
Date Fri, 09 Nov 2018 15:41:00 GMT

    [ https://issues.apache.org/jira/browse/CURATOR-481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16681604#comment-16681604
] 

ASF GitHub Bot commented on CURATOR-481:
----------------------------------------

Github user matobet commented on the issue:

    https://github.com/apache/curator/pull/280
  
    Hi, thanks @Max-Pudov for contributing this! The security scans can get pretty annoying
continuously reporting Curator for the usage of `jackson-mapper-asl`. Is there anything preventing
this from getting merged?


> Remove jackson-mapper-asl-version and update to latest version of jackson
> -------------------------------------------------------------------------
>
>                 Key: CURATOR-481
>                 URL: https://issues.apache.org/jira/browse/CURATOR-481
>             Project: Apache Curator
>          Issue Type: Bug
>          Components: General
>    Affects Versions: 2.3.0
>            Reporter: Maxim Pudov
>            Priority: Major
>             Fix For: 4.1.0
>
>
> There is a vulnerability issue in jackson-mapper-asl-version 1.9.13 and it is no longer
supported. The same issue was present in jackson-databind till version 2.7.9.1.
> [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525]
> We already have a dependency on jackson 2.x. Let's replace jackson-mapper-asl with
jackson-databind and update jackson to the latest version.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message