[ https://issues.apache.org/jira/browse/CURATOR-481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jordan Zimmerman closed CURATOR-481. ------------------------------------ Resolution: Fixed > Remove jackson-mapper-asl-version and update to latest version of jackson > ------------------------------------------------------------------------- > > Key: CURATOR-481 > URL: https://issues.apache.org/jira/browse/CURATOR-481 > Project: Apache Curator > Issue Type: Bug > Components: General > Affects Versions: 2.3.0 > Reporter: Maxim Pudov > Assignee: Jordan Zimmerman > Priority: Major > Fix For: 4.2.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > There is a vulnerability issue in jackson-mapper-asl-version 1.9.13 and it is > no longer supported. The same issue was present in jackson-databind till > version 2.7.9.1. > [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525] > We already have a dependency on jackson 2.x. Let's replace jackson-mapper-asl > with jackson-databind and update jackson to the latest version. > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)