Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-15328

Bump jackson version to >= 2.9.9.3 to address security vulnerabilities

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Triage Needed
    • Priority: Normal
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Build
    • Labels:
      None
    • Platform:
      All
    • Impacts:
      None

      Description

      Bump jackson version to >= 2.9.9.3 to address security vulnerabilities

      CVE-2019-12086  jackson-databind Medium https://nvd.nist.gov/vuln/detail/CVE-2019-12086          
      CVE-2019-12384  jackson-databind  Medium      https://nvd.nist.gov/vuln/detail/CVE-2019-12384          
      CVE-2019-12814          jackson-databind  Medium https://nvd.nist.gov/vuln/detail/CVE-2019-12814          
      CVE-2019-14439    jackson-databind  High
      https://nvd.nist.gov/vuln/detail/CVE-2019-14439

      Last jackson-databind bumped to 2.9.5 in 4.0 with CASSANDRA-14427

      Jackson 2.9 release notes:

      https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              vanessa.haro Vanessa Haro
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: