[jira] [Created] (TINKERPOP-2260) Update jackson databind 2.9.9.1

Robert Dale (JIRA) Wed, 10 Jul 2019 05:00:04 -0700

Robert Dale created TINKERPOP-2260:
--------------------------------------

             Summary: Update jackson databind 2.9.9.1
                 Key: TINKERPOP-2260
                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2260
             Project: TinkerPop
          Issue Type: Improvement
          Components: io
    Affects Versions: 3.4.2, 3.3.7
            Reporter: Robert Dale
            Assignee: Robert Dale




Vulnerable to deserialization of untrusted data with logback-core or jdom on 
the classpath. 
Upgrade to 2.9.9.1 or higher.

* https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450917
* https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-450207



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (TINKERPOP-2260) Update jackson databind 2.9.9.1

Reply via email to