Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3699

upgrade jackson-databind to address CVE-2019-20330

    XMLWordPrintableJSON

    Details

      Description

      owasp is flagging
      https://builds.apache.org/view/S-Z/view/ZooKeeper/job/zookeeper-master-maven-owasp/329/console

      > [ERROR] jackson-databind-2.9.10.1.jar: CVE-2019-20330

      "FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking"

      I don't believe we use "ehcache" but we should upgrade asap.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                phunt Patrick D. Hunt
                Reporter:
                phunt Patrick D. Hunt
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m