-
Improvement
-
Resolution: Unresolved
-
Major
Jackson-databind jar needs to be updated to 2.9.4+ to address https://nvd.nist.gov/vuln/detail/CVE-2018-5968
Jackson-databind jar needs to be updated to 2.9.4+ to address https://nvd.nist.gov/vuln/detail/CVE-2018-5968
Specifically, the CVE being identified by crappy security scanners, as none of these plugins opt in to the affected feature in jackson-databind, last time I checked at least.