Security fix release 4.1.2

10 views

Skip to first unread message

Jakub Białek

unread,

Jan 15, 2019, 6:43:33 AM1/15/19

to simple-sprin...@googlegroups.com

Hi,

I've released SSM 4.1.2 with updated jackson dependency to 2.9.8 due to security issue: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000873.

The release should be soon available in central maven repository.

Best regards,

-- Ragnor

Jakub Białek

unread,

Jan 15, 2019, 6:50:27 AM1/15/19

to simple-sprin...@googlegroups.com

One more information important if you use custom jackson serialization with type info. It seams that it has change a little bit between 2.8.x and 2.9.x.

Details are in related tests: https://github.com/ragnor/simple-spring-memcached/commit/bceca2b2f0289d45c6a431fcf2e94e62c4b8e11a

Best regards,

-- Ragnor

--
You received this message because you are subscribed to the Google Groups "simple-spring-memecached" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simple-spring-meme...@googlegroups.com.
To post to this group, send email to simple-sprin...@googlegroups.com.
Visit this group at https://groups.google.com/group/simple-spring-memecached.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward

0 new messages