  1. WildFly Elytron
  2. ELY-2352

Upgrade Jackson (Databind) to resolve CVE-2020-36518

Details

    • Low

    Description

      Last upgrade to WildFly Elytron POM dependencies moves Jackson version to 2.13.1, which unfortunately still puts it in scope of CVE-2020-36518.

      https://github.com/FasterXML/jackson-databind/issues/2816

      https://github.com/advisories/GHSA-57j2-w4cx-62h2

      Jackson have provided version 2.13.2.1 specifically for Jackson Databind, although version 2.13.3 is now also available for all components.

          People

            Unassigned Unassigned
            dansalt1 Dan Salt (Inactive)