[ https://issues.apache.org/jira/browse/NIFI-9952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason-Morries Adam updated NIFI-9952: ------------------------------------- Description: Jackson should be upgraded to 2.13.2.2 due to the following CVE: [CVE-2020-36518|https://github.com/advisories/GHSA-57j2-w4cx-62h2] (Link: https://github.com/advisories/GHSA-57j2-w4cx-62h2) You can find the newest versions of jackson at https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind was: Some bundles are not using the version defined as a property in the parent pom: * {{nifi-elasticsearch-client-service-api}} (2.9.8) * {{nifi-graph-processor}} (2.9.9) * {{nifi-easyrules-service}} (2.9.10) This should be re-evaluated as it'd be better to use the same version. > Upgrade Jackson to 2.13.2.1 using POM > ------------------------------------- > > Key: NIFI-9952 > URL: https://issues.apache.org/jira/browse/NIFI-9952 > Project: Apache NiFi > Issue Type: Improvement > Reporter: Jason-Morries Adam > Assignee: Mike Thomsen > Priority: Major > Fix For: 1.17.0, 1.16.1 > > > Jackson should be upgraded to 2.13.2.2 due to the following CVE: > [CVE-2020-36518|https://github.com/advisories/GHSA-57j2-w4cx-62h2] > (Link: https://github.com/advisories/GHSA-57j2-w4cx-62h2) > > You can find the newest versions of jackson at > https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind -- This message was sent by Atlassian Jira (v8.20.7#820007)