[
https://issues.apache.org/jira/browse/NIFI-9952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jason-Morries Adam updated NIFI-9952:
-------------------------------------
Description:
Jackson should be upgraded to 2.13.2.2 due to the following CVE:
[CVE-2020-36518|https://github.com/advisories/GHSA-57j2-w4cx-62h2]
(Link: https://github.com/advisories/GHSA-57j2-w4cx-62h2)
You can find the newest versions of jackson at
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
was:
Some bundles are not using the version defined as a property in the parent pom:
* {{nifi-elasticsearch-client-service-api}} (2.9.8)
* {{nifi-graph-processor}} (2.9.9)
* {{nifi-easyrules-service}} (2.9.10)
This should be re-evaluated as it'd be better to use the same version.
> Upgrade Jackson to 2.13.2.1 using POM
> -------------------------------------
>
> Key: NIFI-9952
> URL: https://issues.apache.org/jira/browse/NIFI-9952
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Jason-Morries Adam
> Assignee: Mike Thomsen
> Priority: Major
> Fix For: 1.17.0, 1.16.1
>
>
> Jackson should be upgraded to 2.13.2.2 due to the following CVE:
> [CVE-2020-36518|https://github.com/advisories/GHSA-57j2-w4cx-62h2]
> (Link: https://github.com/advisories/GHSA-57j2-w4cx-62h2)
>
> You can find the newest versions of jackson at
> https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
