Uploaded image for project: 'Apache Curator'
  1. Apache Curator
  2. CURATOR-481

Remove jackson-mapper-asl-version and update to latest version of jackson

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.3.0
    • Fix Version/s: 4.2.0
    • Component/s: General
    • Labels:
      None

      Description

      There is a vulnerability issue in jackson-mapper-asl-version 1.9.13 and it is no longer supported. The same issue was present in jackson-databind till version 2.7.9.1.

      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525

      We already have a dependency on jackson 2.x. Let's replace jackson-mapper-asl with jackson-databind and update jackson to the latest version.

       

       

        Attachments

          Activity

            People

            • Assignee:
              randgalt Jordan Zimmerman
              Reporter:
              Maxim.Pudov Maxim Pudov
            • Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 0.5h
                0.5h