On Thu, Dec 20, 2018 at 9:08 AM garvit singh <garvit.sin...@gmail.com> wrote: > > github security alert shows these CVEs for jackson-databind 2.7.9.4
That would also contain fixes yes. Github issues I listed should contain accurate information of inclusion. -+ Tatu +- > > On Tuesday, December 11, 2018 at 10:10:15 PM UTC-5, Tatu Saloranta wrote: >> >> On Tue, Dec 11, 2018 at 7:04 PM garvit singh <garvit...@gmail.com> wrote: >> > >> > Hello, >> > >> > jackson-databind-2.6.7.2 >> > >> > >> > does it have fix for >> > >> > CVE-2018-7489 >> > CVE-2017-17485 >> >> No; these are Jackson-databind issues #1931 (CVE-2018-7489) and #1855 >> (CVE-2017-17485), >> and only included in patches for 2.7(.9.3) and later. >> >> -+ Tatu +- >> >> > >> > >> > -garvit >> > >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "jackson-user" group. >> > To unsubscribe from this group and stop receiving emails from it, send an >> > email to jackson-user...@googlegroups.com. >> > To post to this group, send email to jackso...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "jackson-user" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jackson-user+unsubscr...@googlegroups.com. > To post to this group, send email to jackson-user@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to jackson-user+unsubscr...@googlegroups.com. To post to this group, send email to jackson-user@googlegroups.com. For more options, visit https://groups.google.com/d/optout.