Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-16443

Upgrade Jackson bom to 2.13.4.20221013

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 8.11.2, 9.1
    • main (10.0), 9.1.1
    • None
    • None

    Description

      Due to actual jackson-databind cve  listing CVE-2022-42004 and CVE-2022-42003 the Libary should be updated.

      https://nvd.nist.gov/vuln/detail/CVE-2022-42004

      https://nvd.nist.gov/vuln/detail/CVE-2022-42003
       

      Perhaps for version 9.1.0 as well as 8.11.2?

      Best Regards

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. LOG4J2-3609 javac error when PluginProcessor (log4j-core jar) is in the classpath and annotation is not

          • Major - Major loss of function.
          • Open

          Activity

            People

              krisden Kevin Risden
              nmendola Nicolò Mendola
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: