[ https://issues.apache.org/jira/browse/TOMEE-3860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17514873#comment-17514873 ]
Cesar Hernandez commented on TOMEE-3860: ---------------------------------------- Hi [~9177012889] , I'm not aware of a potential release date for 8.0.11. If not already, I'll suggest you subscribe to TomEE mailing list to follow up over release dates: [https://tomee.apache.org/mailing-lists.html] Have a nice day! > Upgrade jackson-databind for CVE-2020-36518 > ------------------------------------------- > > Key: TOMEE-3860 > URL: https://issues.apache.org/jira/browse/TOMEE-3860 > Project: TomEE > Issue Type: Bug > Affects Versions: 8.0.10 > Reporter: Yugandher reddy vonteddu > Priority: Critical > Labels: CVE > Fix For: 8.0.11 > > > jackson-databind-2.13.0-rc2.jar is vulnerable and should be upgraded. > [https://nvd.nist.gov/vuln/detail/CVE-2020-36518] > > -- This message was sent by Atlassian Jira (v8.20.1#820001)