github security alert shows these CVEs for jackson-databind 2.7.9.4 On Tuesday, December 11, 2018 at 10:10:15 PM UTC-5, Tatu Saloranta wrote: > > On Tue, Dec 11, 2018 at 7:04 PM garvit singh <garvit...@gmail.com > <javascript:>> wrote: > > > > Hello, > > > > jackson-databind-2.6.7.2 > > > > > > does it have fix for > > > > CVE-2018-7489 > > CVE-2017-17485 > > No; these are Jackson-databind issues #1931 (CVE-2018-7489) and #1855 > (CVE-2017-17485), > and only included in patches for 2.7(.9.3) and later. > > -+ Tatu +- > > > > > > > -garvit > > > > -- > > You received this message because you are subscribed to the Google > Groups "jackson-user" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to jackson-user...@googlegroups.com <javascript:>. > > To post to this group, send email to jackso...@googlegroups.com > <javascript:>. > > For more options, visit https://groups.google.com/d/optout. >
-- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to jackson-user+unsubscr...@googlegroups.com. To post to this group, send email to jackson-user@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
