Hello,
A vulnerability exists in a JSON Jackson library and it's registered under CVE-2017-7525.
I think you mean the following jars, right?
(1) jackson-core-2.9.2.jar
(2) jackson-annotations-2.9.0.jar
(3) jackson-databind-2.9.2.jar
Please read the bulletin [1] and apply possible solutions. This vulnerability impacts anyone using the vulnerable Jackson JSON library (not only Struts users).

[1] https://cwiki.apache.org/confluence/display/WW/S2-055
So, if I do not use the above jars, it should be fine? Thanks.