[ZOOKEEPER-3442] OWASP jenkins failing due to jackson databind CVE published - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Duplicate
Affects Version/s: 3.6.0, 3.5.5, 3.4.14
Fix Version/s: None
Component/s: None
Labels:
None

Description

The OWASP job is failing due to a medium priority jackson databind issue.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12814

we should upgrade the dependency version - I looked into the issue, should be straightforward, however the new dependency (2.9.9.1) is not yet available from the upstream. Once it is we should upgrade.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Patrick D. Hunt

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Jun/19 17:32

Updated:: 11/Sep/19 20:33

Resolved:: 24/Jun/19 18:52