Details
-
Improvement
-
Status: Triage Needed
-
Normal
-
Resolution: Unresolved
-
None
-
None
-
All
-
None
Description
Bump jackson version to >= 2.9.9.3 to address security vulnerabilities
CVE-2019-12086 jackson-databind Medium https://nvd.nist.gov/vuln/detail/CVE-2019-12086 |
CVE-2019-12384 jackson-databind Medium https://nvd.nist.gov/vuln/detail/CVE-2019-12384 |
CVE-2019-12814 jackson-databind Medium https://nvd.nist.gov/vuln/detail/CVE-2019-12814 |
CVE-2019-14439 jackson-databind High https://nvd.nist.gov/vuln/detail/CVE-2019-14439 |
Last jackson-databind bumped to 2.9.5 in 4.0 with CASSANDRA-14427
Jackson 2.9 release notes:
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9