Vulnerability in 2.9.9.3 #2471

Closed
prashantLio opened this issue Sep 24, 2019 · 2 comments

Comments

@prashantLio

Hi,
We are using the latest version (Non-Beta) of Jackson data-bind (2.9.9.3) and we are facing security issues in it. Can we know when the next stable build will be released?
Below is the list of vulnerabilities:
CVE-2019-16335
CVE-2019-14540
sonatype-2019-0371

Is there any other way of getting around these vulnerabilities?

@jdelta-RBS

Try going to the issues; there are patches for each:
#2410
#2448
#2449

@cowtowncoder
Member

@prashantLio Please do not use issue tracker for usage questions. This is what:

are for.

Also do note that whether these are applicable to you or not depends on your usage -- most users are not affected: https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062

But finally: 2.9.10 was just released. Upgrade to that. It has fixes from 2.9.9.3 and beyond.

danielnaber added a commit to languagetool-org/languagetool that referenced this issue Oct 17, 2019