Re: finatra-jackson 22.4.0: CVE-2020-36518

[Christopher Coco]

Hi there!

The next release should have the Jackson version updated to 2.13.3: https://github.com/twitter/finatra/blob/develop/build.sbt#L93

That release should be happening in the next few weeks or so. 

Thanks!

-c

On Fri, Jul 1, 2022 at 8:46 AM 'Ricardo Cardante' via finatra-users <finatr...@googlegroups.com> wrote:

Hi, Finatra community!

Is there any expectation of upgrading the https://mvnrepository.com/artifact/com.twitter/finatra-jackson_2.12/22.4.0 dependency to a Jackson version that has the https://nvd.nist.gov/vuln/detail/CVE-2020-36518 vulnerability resolved?

We are trying to keep Finatra in our codebase, but we need to resolve this CVE so that it passes our security checks.

Appreciate in advance any help you can provide.

Best regards.

--
You received this message because you are subscribed to the Google Groups "finatra-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to finatra-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/finatra-users/24512a72-750a-4b8a-8ad9-ff285d6a6536n%40googlegroups.com.