
fix: Pull Jackson update to avoid DoS issue #1967

Open: wants to merge 1 commit into base: main

@elevenfive elevenfive commented Jul 26, 2024

Reported by Snyk: Denial of Service (DoS) [High Severity]

Thank you for opening a Pull Request! Before submitting your PR, there are a few things you can do to make sure it goes smoothly:

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease (if any source code was changed)
  • Appropriate docs were updated (if necessary)

Fixes #1966 ☕️

If you write sample code, please follow the samples format.

@elevenfive elevenfive requested a review from a team as a code owner July 26, 2024 16:49
@product-auto-label product-auto-label bot added the size: xs Pull request size is extra small. label Jul 26, 2024
@elevenfive elevenfive force-pushed the jackson-2.17.2 branch 2 times, most recently from 685b152 to 0e2f45a Compare July 26, 2024 17:00
- com.fasterxml.jackson.core:jackson-core 2.14.2 -> 2.17.2
- FasterXML/jackson-core#861
- Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538] in com.fasterxml.jackson.core:jackson-core@2.14.2
  introduced by com.google.http-client:google-http-client-jackson2@1.44.2 > com.fasterxml.jackson.core:jackson-core@2.14.2
  This issue was fixed in versions: 2.15.0-rc1
@elevenfive elevenfive changed the title Pull Jackson update to avoid DoS issue fix: Pull Jackson update to avoid DoS issue Jul 26, 2024

Successfully merging this pull request may close these issues.

Dependency: DOS issue reported by Snyk with outdated jackson-core version 2.14.2