[
https://issues.apache.org/jira/browse/CAMEL-18621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17629742#comment-17629742
]
Andrea Cosentino edited comment on CAMEL-18621 at 11/7/22 10:30 AM:
--------------------------------------------------------------------
Using micro release means specify different version of jackson databind
wherever we have them. This also means the need to add specific version of
jackson databind in all the karaf features using jackson. It's an effort that
doesn't worth to be done if the the major release was in the short term, as it
was.
was (Author: ancosen):
Using micro release means specify different version of jackson databind
wherever we have them. This also means the need to add specific version of
jackson databind in all the karaf features using jackson. It's an effort that
doesn't worth to be done if the the major release aws in the short term, as it
was.
> Vulnerabilities identified with jackson-databind dependency
> -----------------------------------------------------------
>
> Key: CAMEL-18621
> URL: https://issues.apache.org/jira/browse/CAMEL-18621
> Project: Camel
> Issue Type: Dependency upgrade
> Components: camel-jackson
> Affects Versions: 3.18.2, 3.19.0
> Reporter: Sasikumar Muthukrishnan Sampath
> Assignee: Andrea Cosentino
> Priority: Minor
> Fix For: 3.20.0
>
>
> There are two new vulnerabilities identified with jackson-databind
> dependency. Please upgrade the jackson dependency version to 2.14.x
> [CVE-2022-42003|https://github.com/advisories/GHSA-rgv9-q543-rqg4]
> [CVE-2022-42004|https://github.com/advisories/GHSA-rgv9-q543-rqg4].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
