zookeeper-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrico Olivelli (Jira)" <j...@apache.org>
Subject [jira] [Updated] (ZOOKEEPER-3442) OWASP jenkins failing due to jackson databind CVE published
Date Wed, 11 Sep 2019 20:34:01 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-3442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Enrico Olivelli updated ZOOKEEPER-3442:
---------------------------------------
    Fix Version/s:     (was: 3.5.6)
                       (was: 3.4.15)
                       (was: 3.6.0)

> OWASP jenkins failing due to jackson databind CVE published
> -----------------------------------------------------------
>
>                 Key: ZOOKEEPER-3442
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3442
>             Project: ZooKeeper
>          Issue Type: Bug
>    Affects Versions: 3.6.0, 3.5.5, 3.4.14
>            Reporter: Patrick Hunt
>            Priority: Blocker
>
> The OWASP job is failing due to a medium priority jackson databind issue.
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814
> we should upgrade the dependency version - I looked into the issue, should be straightforward,
however the new dependency (2.9.9.1) is not yet available from the upstream. Once it is we
should upgrade.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message