struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (Jira)" <j...@apache.org>
Subject [jira] [Commented] (WW-5038) Upgrade jackson-databind to version 2.9.9.3
Date Fri, 06 Sep 2019 08:17:00 GMT

    [ https://issues.apache.org/jira/browse/WW-5038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16924027#comment-16924027
] 

ASF GitHub Bot commented on WW-5038:
------------------------------------

lukaszlenart commented on pull request #365: [WW-5038] Upgrades jackson-databind to version
2.9.9.3
URL: https://github.com/apache/struts/pull/365
 
 
   Fixes [WW-5038](https://issues.apache.org/jira/browse/WW-5038)
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Upgrade jackson-databind to version 2.9.9.3
> -------------------------------------------
>
>                 Key: WW-5038
>                 URL: https://issues.apache.org/jira/browse/WW-5038
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Plugin - REST
>            Reporter: Lukasz Lenart
>            Priority: Minor
>             Fix For: 2.5.21, 2.6
>
>
> One or more dependencies were identified with known vulnerabilities in Struts 2 REST
Plugin:
> jackson-databind-2.9.8.jar (cpe:/a:fasterxml:jackson:2.9.8, cpe:/a:fasterxml:jackson-databind:2.9.8,
com.fasterxml.jackson.core:jackson-databind:2.9.8) : CVE-2019-14379, CVE-2019-12814, CVE-2019-14439,
CVE-2019-12086, CVE-2019-12384



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message