[AMQ-7266] Update Jackson databind to 2.9.9.3 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.15.10, 5.16.0
Component/s: None
Labels:
None

Description

We should update Jackson databind to 2.9.9.3. Two new CVEs are issued for 2.9.9.2 (and a bug fix in 2.9.9.3):

https://www.cvedetails.com/cve/CVE-2019-14379

https://www.cvedetails.com/cve/CVE-2019-14439

Attachments

Issue Links

links to

GitHub Pull Request #382

Activity

People

Assignee:: Jean-Baptiste Onofré

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 06/Aug/19 15:16

Updated:: 07/Aug/19 05:42

Resolved:: 07/Aug/19 05:42

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

20m