Modification of Ehcache 2.10.6 jar possible risks

54 views

Skip to first unread message

Venkat Sai Janumpally

unread,

Mar 19, 2021, 8:57:22 AM3/19/21

to ehcac...@googlegroups.com

Hi,

I am using Ehcache 2.10.6 version. In the Ehcache jar the Jackson Databind(2.9.6 version) is bundled. There is a vulnerability with that Jackson Databind version. So we removed the corresponding classes and pom files of jackson databind in the Ehcache jar which worked fine as it is using the local version of databind(2.11.1). Does this cause any compatibility or license issues?

Thanks

Venkat Sai

Reply all

Reply to author

Forward

0 new messages