[jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

Philip Zampino (JIRA) Fri, 15 Dec 2017 10:47:20 -0800

    [ 
https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16293016#comment-16293016
 ]


Philip Zampino commented on KNOX-1145:
--------------------------------------

It may depend on whether the 0.14.0 branch has been created yet or not.

On Fri, Dec 15, 2017 at 12:46 PM, Colm O hEigeartaigh (JIRA) <



> Upgrade Jackson due to CVE-2017-7525
> ------------------------------------
>
>                 Key: KNOX-1145
>                 URL: https://issues.apache.org/jira/browse/KNOX-1145
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Colm O hEigeartaigh
>            Assignee: Colm O hEigeartaigh
>             Fix For: 1.0.0
>
>         Attachments: KNOX-1145.patch
>
>
> Apache Knox currently ships the Jackson databind jar version 2.2.2. However, 
> there is a security advisory CVE-2017-7525 released for this component:
> https://github.com/FasterXML/jackson-databind/issues/1599
> We should upgrade Jackson to pick this fix up.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KNOX-1145) Upgrade Jackson due to CVE-2017-7525

Reply via email to