[KNOX-1145] Upgrade Jackson due to CVE-2017-7525 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.0
Component/s: None
Labels:
None

Description

Apache Knox currently ships the Jackson databind jar version 2.2.2. However, there is a security advisory CVE-2017-7525 released for this component:

https://github.com/FasterXML/jackson-databind/issues/1599

We should upgrade Jackson to pick this fix up.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KNOX-1145.patch
12/Dec/17 12:15
2 kB
Colm O hEigeartaigh

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 12/Dec/17 12:14

Updated:: 28/Mar/19 14:08

Resolved:: 18/Dec/17 14:54