-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Block one more gadget type (javax.swing, CVE-2020-10969) #2642
Comments
Issue fixed; CVE id request submitted. |
@cowtowncoder Is there any indication when 2.9.10.4 is going to be released? Since the CVE is now being picked up by reporters. |
@terryvdgriend In future please ask questions on mailing list (https://groups.google.com/forum/#!forum/jackson-user). Issue reports are getting spammed with this same question over and over. |
Thanks for the clarification, sorry for the inconvenience! |
@terryvdgriend np, I understand that there is a good reason to wish for a security patch ASAP. Just wish I had a better way of keeping everyone informed... |
Another gadget type reported regarding a class in
javax.swing
package..See https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 for description of the general problem.
Mitre id: CVE-2020-10969
Reporters: threedr3am
Fix will be included in:
jackson-bom
version2.8.11.20200310
)The text was updated successfully, but these errors were encountered: