[
https://issues.apache.org/jira/browse/KNOX-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295031#comment-16295031
]
Philip Zampino commented on KNOX-1145:
--------------------------------------
After thinking about it more, since 0.14.0 has been branched, and this
patch has no code changes, there doesn't seem to be a good reason to hold
off this commit, IMO.
On Mon, Dec 18, 2017 at 6:01 AM, Colm O hEigeartaigh (JIRA) <[email protected]
> Upgrade Jackson due to CVE-2017-7525
> ------------------------------------
>
> Key: KNOX-1145
> URL: https://issues.apache.org/jira/browse/KNOX-1145
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Colm O hEigeartaigh
> Assignee: Colm O hEigeartaigh
> Fix For: 1.0.0
>
> Attachments: KNOX-1145.patch
>
>
> Apache Knox currently ships the Jackson databind jar version 2.2.2. However,
> there is a security advisory CVE-2017-7525 released for this component:
> https://github.com/FasterXML/jackson-databind/issues/1599
> We should upgrade Jackson to pick this fix up.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
