Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-6085

Upgrade Jackson to 2.13.4 (CVE-2022-42004)

    XMLWordPrintable

Details

    • Component Upgrade
    • Resolution: Done
    • Major
    • 19.0.0.Final
    • None
    • Test Suite
    • None

    Description

      Jackson Databind is affected by CVE-2022-42004. WildFly Core uses it as a test dependency. Try to upgrade to 2.13.4 to avoid noise from scanners flagging us as vulnerable (plus to avoid any actual relevant issue, in the unlikely even there is one.)

      Note that this issue does not address CVE-2022-42003, for which there is no current fix in a .Final release. When there is that can be tracked separately.

      Attachments

        Activity

          People

            bstansbe@redhat.com Brian Stansberry
            bstansbe@redhat.com Brian Stansberry
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: