Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update Jackson to 2.13.3 #5067

Closed
JonathanLennox opened this issue May 17, 2022 · 1 comment · Fixed by #5076
Closed

Update Jackson to 2.13.3 #5067

JonathanLennox opened this issue May 17, 2022 · 1 comment · Fixed by #5076
Labels
CQ required

Comments

@JonathanLennox
Copy link

Jackson 2.13.0 has a CVE filed against it: CVE-2020-36518. It's fixed in 2.13.3.
@kolbma
Copy link

kolbma commented May 28, 2022

The CVE says first in text before 2.13.0...
And below in Known Affected Software Configurations

  • Up to (excluding) 2.12.6.1 (there exists also 2.12.7)
  • And >= 2.13.0 < 2.13.2.1

https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind

@senivam senivam linked a pull request Jun 7, 2022 that will close this issue
Update Jackson to 2.13.3 #5076
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
CQ required
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update Jackson to 2.13.3 senivam/jersey
3 participants
@JonathanLennox @kolbma @jansupol