[NIFI-5286] Update FasterXML Jackson version to 2.9.5 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3.0, 1.4.0, 1.5.0, 1.6.0
Fix Version/s: 1.7.0
Component/s: Core Framework, Extensions
Labels:
- CVE
- security

Description

The current version of FasterXML Jackson-databind used is 2.9.4 which was supposed to fix several critical vulnerabilities but wasn't completely addressed. A fix to address them was introduced in 2.9.5.

More details about the vulnerability can be found at : https://nvd.nist.gov/vuln/detail/CVE-2018-7489

Attachments

Issue Links

links to

GitHub Pull Request #2775

Activity

People

Assignee:: Sivaprasanna Sethuraman

Reporter:: Sivaprasanna Sethuraman

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 09/Jun/18 04:41

Updated:: 09/Jun/18 18:22

Resolved:: 09/Jun/18 18:22