Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build is broken because of CVE-2018-7489 #139

Closed
sapessi opened this issue Mar 24, 2018 · 2 comments
Closed

Build is broken because of CVE-2018-7489 #139

sapessi opened this issue Mar 24, 2018 · 2 comments
Labels
CVE Critical security vulnerability in dependencies
Milestone
Release 1.1

Comments

@sapessi
Copy link
Collaborator

sapessi commented Mar 24, 2018

  • Framework version: 1.0.1
  • Implementations: Jersey / Spring / Spring Boot / Spark

Scenario

A Jackson critical vulnerability, CVE-2018-7489, is blocking the build. We are waiting for Jackson 2.9.5 that should address the issue.
@sapessi sapessi added the CVE Critical security vulnerability in dependencies label Mar 24, 2018
@sapessi sapessi added this to the Release 1.1 milestone Mar 24, 2018
@sapessi
Copy link
Collaborator Author

sapessi commented Apr 2, 2018

Jackson 2.9.5 is out, we will include it in the next release.

sapessi added a commit that referenced this issue Apr 5, 2018
@sapessi
Bump in Jackson version to address #139.
6c90756
@sapessi sapessi mentioned this issue Apr 6, 2018
Merged
@sapessi
Copy link
Collaborator Author

sapessi commented Apr 6, 2018

Updated dependency in latest merge. Closing this issue.

@sapessi sapessi closed this as completed Apr 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CVE Critical security vulnerability in dependencies
Projects
None yet
Milestone
Release 1.1
Development

No branches or pull requests
1 participant
@sapessi