jackson-databind outdated #183

Closed
andresluuk opened this issue Nov 30, 2022 · 3 comments
Labels
released This feature/bug fix has been released

Comments

@andresluuk

The current version of bugsnag depends on jackson-databind with 2 vulnerabilities:
https://mvnrepository.com/artifact/com.bugsnag/bugsnag/3.6.4
Maybe it could be bumped?

@andresluuk changed the title from "jackson-databind2 outdated" to "jackson-databind outdated" Nov 30, 2022
@johnkiely1 added the "feature request" (Request for a new feature) and "backlog" (We hope to fix this feature/bug in the future) labels Nov 30, 2022
@johnkiely1
Member

Hi @andresluuk,

Thanks, we will look to get that updated as soon as priorities allow.

@jamesmcguirepro

@johnkiely1 Looks like the same problem with bugsnag:3.7.1 depending on jackson-databind:2.12.6.1:

https://mvnrepository.com/artifact/com.bugsnag/bugsnag/3.7.1

@mclack

mclack commented Jan 18, 2024

Hi @jamesmcguirepro

Following the link you've provided, it does not appear that any vulnerabilities are being highlighted in relation to the latest release of bugsnag-java, and it shows the SDK using v2.14.1 of jackson-databind rather than v2.12.6.1 as you mention.

The version of jackson-databind was bumped up in v3.7.0 to avoid these vulnerabilities, and so the SDK should no longer be using that version of jackson-databind. You can see the relevant PR here: #184

@mclack added the "released" (This feature/bug fix has been released) label and removed the "feature request" (Request for a new feature) and "backlog" (We hope to fix this feature/bug in the future) labels Jan 18, 2024
@mclack closed this as completed Jan 18, 2024