zookeeper-dev mailing list archives

From "Patrick Hunt (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ZOOKEEPER-3442) OWASP jenkins failing due to jackson databind CVE published
Date Mon, 24 Jun 2019 17:33:00 GMT
Patrick Hunt created ZOOKEEPER-3442:
---------------------------------------

             Summary: OWASP jenkins failing due to jackson databind CVE published
                 Key: ZOOKEEPER-3442
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3442
             Project: ZooKeeper
          Issue Type: Bug
    Affects Versions: 3.4.14, 3.5.5, 3.6.0
            Reporter: Patrick Hunt
             Fix For: 3.6.0, 3.4.15, 3.5.6


The OWASP job is failing due to a medium priority jackson databind issue.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814

We should upgrade the dependency version - I looked into the issue, should be straightforward,
however the new dependency (2.9.9.1) is not yet available from the upstream. Once it is we
should upgrade.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
