kylin-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KYLIN-3372) Upgrade jackson-databind version due to security concerns
Date Wed, 09 May 2018 00:15:00 GMT
Ted Yu created KYLIN-3372:
-----------------------------

             Summary: Upgrade jackson-databind version due to security concerns
                 Key: KYLIN-3372
                 URL: https://issues.apache.org/jira/browse/KYLIN-3372
             Project: Kylin
          Issue Type: Task
            Reporter: Ted Yu



* https://nvd.nist.gov/vuln/detail/CVE-2018-5968
* https://nvd.nist.gov/vuln/detail/CVE-2018-7489
* https://nvd.nist.gov/vuln/detail/CVE-2017-7525
* https://nvd.nist.gov/vuln/detail/CVE-2017-17485
* https://nvd.nist.gov/vuln/detail/CVE-2017-15095

We should either remove the dependency or upgrade to version 2.8.11.1 or the latest, if possible.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message