[JENKINS-59379] Update jackson-databind to 2.9.9.3 - Jenkins Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Critical
Resolution: Unresolved
Component/s: java-client-api
Labels:
- security

Similar Issues:

Show

Description

Update jackson-databind from 2.9.9 to 2.9.9.3

This is to address four separate CVEs, two of which are critical:

CVE-2019-14379 (9.8)
CVE-2019-14439 (7.5)
CVE-2019-12384 (5.9)
CVE-2019-12814 (5.9)

As java-client-api uses three separate jackson modules, I suggest addressing problem by using jackson-bom POM import (2.9.9.20190807) in dependencyManagement.

Attachments

Activity

Hide

Permalink

Mark Symons added a comment - 2019-09-15 16:00

Submitted pull request: https://github.com/jenkinsci/java-client-api/pull/427

Show

Mark Symons added a comment - 2019-09-15 16:00 Submitted pull request: https://github.com/jenkinsci/java-client-api/pull/427

People

Assignee:: Karl-Heinz Marbaise

Reporter:: Mark Symons

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2019-09-15 10:49

Updated:: 2019-09-15 16:00