[JIRA] (JENKINS-59379) Update jackson-databind to 2.9.9.3


mark.symons@weareact.com (JIRA)

Sep 15, 2019, 6:50:02 AM
to jenkinsc...@googlegroups.com
Mark Symons created an issue
 
Jenkins / Bug JENKINS-59379
Update jackson-databind to 2.9.9.3
Issue Type: Bug
Assignee: Karl-Heinz Marbaise
Components: java-client-api
Created: 2019-09-15 10:49
Labels: security
Priority: Critical
Reporter: Mark Symons

Update jackson-databind from 2.9.9 to 2.9.9.3

This is to address four separate CVEs, two of which are critical:

As java-client-api uses three separate jackson modules, I suggest addressing the problem by using {{jackson-bom}} POM import (2.9.9.20190807) in dependencyManagement.

This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

mark.symons@weareact.com (JIRA)

Sep 15, 2019, 6:51:02 AM
to jenkinsc...@googlegroups.com
Mark Symons updated an issue
Change By: Mark Symons
Update {{jackson-databind}} from 2.9.9 to 2.9.9.3

This is to address four separate CVEs, two of which are critical:
* [CVE-2019-14379|https://nvd.nist.gov/vuln/detail/2019-14379] (9.8)
* [CVE-2019-14439|https://nvd.nist.gov/vuln/detail/2019-14439] (7.5)
* [CVE-2019-12384|https://nvd.nist.gov/vuln/detail/2019-12384] (5.9)
* [CVE-2019-12814|https://nvd.nist.gov/vuln/detail/2019-12814] (5.9)

As {{java-client-api}} uses three separate jackson modules, I suggest addressing the problem by using {{jackson-bom}} POM import (2.9.9.20190807) in {{dependencyManagement}}.
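
The BOM import suggested in the issue, sketched as an added example; this is a constructed minimal POM, not java-client-api's own pom.xml. The project coordinates are placeholders, and jackson-core and jackson-annotations are assumed stand-ins because the issue does not name the three Jackson modules in use.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: constructed minimal POM, not the project's real pom.xml -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>

  <!-- Placeholder coordinates, constructed for this example -->
  <groupId>com.example</groupId>
  <artifactId>jackson-bom-import-demo</artifactId>
  <version>1.0-SNAPSHOT</version>

  <dependencyManagement>
    <dependencies>
      <!-- Import the Jackson BOM at the version named in the issue.
           type=pom with scope=import merges the BOM's managed versions
           into this project's dependencyManagement, so every Jackson
           module resolves to one consistent, patched release line. -->
      <dependency>
        <groupId>com.fasterxml.jackson</groupId>
        <artifactId>jackson-bom</artifactId>
        <version>2.9.9.20190807</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- No <version> elements below: versions come from the imported BOM.
         An explicit <version> on any of these would override the BOM and
         could silently pin a vulnerable release again. -->
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
    </dependency>
    <!-- Assumed modules (not named in the issue) -->
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-core</artifactId>
    </dependency>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-annotations</artifactId>
    </dependency>
  </dependencies>
</project>
```

Running `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core` against the project shows which jackson-databind version is actually resolved, including copies pulled in transitively.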

mark.symons@weareact.com (JIRA)

Sep 15, 2019, 12:01:02 PM
to jenkinsc...@googlegroups.com