Loading...

XML

Word

Printable

Type: Component Upgrade
Resolution: Done
Priority: Major
Fix Version/s: 2.0.0.Beta2, 1.20.0.Final, 1.19.1.Final
Affects Version/s: 1.19.0.Final
Component/s: Build
Labels:
None

Estimated Difficulty:
Low

Last upgrade to Wildfly Elytron POM dependencies moves Jackson version to 2.13.1, which unfortunately still puts it in-scope of CVE-2020-36518

https://github.com/FasterXML/jackson-databind/issues/2816

https://github.com/advisories/GHSA-57j2-w4cx-62h2

Jackson have provided version 2.13.2.1 specifically for Jackson Databind, although version 2.13.3 is now also available for all components.

Assignee:: Unassigned

Reporter:: Dan Salt (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/06/22 4:19 PM

Updated:: 2022/08/17 4:20 PM

Resolved:: 2022/06/23 1:45 PM