[SLING-9585] Update Jackson DataBind - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Starter 11
Fix Version/s: Starter 12
Component/s: Starter
Labels:
None

Description

The current version of Jackson DataBind packaged in Sling Starter 11 has a number of known vulnerabilities and should be updated. This includes critical vulnerabilities such as:

CVE-2019-17267
CVE-2019-17531
CVE-2019-14540
CVE-2019-16335

The recommendation is to upgrade to 2.9.10.5.

Attachments

Activity

People

Assignee:: Dan Klco

Reporter:: Dan Klco

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Jul/20 03:45

Updated:: 18/Mar/22 15:05

Resolved:: 13/Jul/20 12:33