Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade jackson-databind dependency #169

Closed
Malinskiy opened this issue Sep 13, 2021 · 3 comments · Fixed by #170
Closed

Upgrade jackson-databind dependency #169

Malinskiy opened this issue Sep 13, 2021 · 3 comments · Fixed by #170
Labels
released This feature/bug fix has been released

Comments

@Malinskiy
Copy link

The current dependency on version 2.9.1 is not very secure and brings in at least 20+ critical vulns.

Latest version stance can be found here
@mattdyoung
Copy link

Thanks for flagging this. We'll look at addressing this soon.

@mattdyoung mattdyoung added backlog We hope to fix this feature/bug in the future bug Confirmed bug labels Sep 13, 2021
@daj
Copy link

daj commented Sep 30, 2021

FYI, GitHub now provides security scanning capabilities, which you can enable via the Security tab in your repo.

@tomlongridge tomlongridge mentioned this issue Oct 6, 2021
Merged
@luke-belton
Copy link
Member

Hi @Malinskiy - just to let you know we bumped the version of Jackson used in bugsnag-java, which was released in v3.6.3 🎉

@luke-belton luke-belton added released This feature/bug fix has been released and removed bug Confirmed bug backlog We hope to fix this feature/bug in the future labels Oct 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released This feature/bug fix has been released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[PLAT-7255] bump jackson dep from 2.9.1 to latest stable bugsnag/bugsnag-java
4 participants
@daj @Malinskiy @mattdyoung @luke-belton