Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-1145

Upgrade Jackson due to CVE-2017-7525

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.0.0
    • None
    • None

    Description

      Apache Knox currently ships the Jackson databind jar version 2.2.2. However, there is a security advisory CVE-2017-7525 released for this component:

      https://github.com/FasterXML/jackson-databind/issues/1599

      We should upgrade Jackson to pick this fix up.

      Attachments

        1. KNOX-1145.patch
          2 kB
          Colm O hEigeartaigh

        Activity

          People

            coheigea Colm O hEigeartaigh
            coheigea Colm O hEigeartaigh
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: