The branch has indeed been cut, and I agree with Sandeep's recommendation to wait until the package restructuring has been completed. It will save Sandeep an additional merge ;-)
On Fri, Dec 15, 2017 at 1:55 PM, Sandeep More (JIRA) <[email protected]> wrote:

>
> [ https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16293031#comment-16293031 ]
>
> Sandeep More commented on KNOX-1145:
> ------------------------------------
>
> I think the branch is already cut, I am thinking should we wait for the
> package restructuring branch merge (for 1.0.0 release) and then commit or
> commit now.
> Would like to see what folks think.
>
> Best,
> Sandeep
>
>
> > Upgrade Jackson due to CVE-2017-7525
> > ------------------------------------
> >
> > Key: KNOX-1145
> > URL: https://issues.apache.org/jira/browse/KNOX-1145
> > Project: Apache Knox
> > Issue Type: Improvement
> > Reporter: Colm O hEigeartaigh
> > Assignee: Colm O hEigeartaigh
> > Fix For: 1.0.0
> >
> > Attachments: KNOX-1145.patch
> >
> >
> > Apache Knox currently ships the Jackson databind jar version 2.2.2.
> > However, there is a security advisory CVE-2017-7525 released for this
> > component:
> > https://github.com/FasterXML/jackson-databind/issues/1599
> > We should upgrade Jackson to pick this fix up.
>
>
> --
> This message was sent by Atlassian JIRA
> (v6.4.14#64029)
