[ 
https://issues.apache.org/jira/browse/CAMEL-18621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17629743#comment-17629743
 ] 

Andrea Cosentino commented on CAMEL-18621:
------------------------------------------

I do understand everybody wants to avoid static dependency checkers reporting 
vulns, but we cannot do everything for everyone. The codebase and ecosystem are 
big and aligning dependencies everywhere is not as easy as it could seem. 

> Vulnerabilities identified with jackson-databind dependency
> -----------------------------------------------------------
>
>                 Key: CAMEL-18621
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18621
>             Project: Camel
>          Issue Type: Dependency upgrade
>          Components: camel-jackson
>    Affects Versions: 3.18.2, 3.19.0
>            Reporter: Sasikumar Muthukrishnan Sampath
>            Assignee: Andrea Cosentino
>            Priority: Minor
>             Fix For: 3.20.0
>
>
> There are two new vulnerabilities identified with jackson-databind 
> dependency. Please upgrade the jackson dependency version to 2.14.x
> [CVE-2022-42003|https://github.com/advisories/GHSA-rgv9-q543-rqg4]
> [CVE-2022-42004|https://github.com/advisories/GHSA-rgv9-q543-rqg4].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
