
Jackson vulnerabilities CVE-2017-17485 & CVE-2018-7489


Hello,

I've recently run a dependency check on camel-jackson 2.21.0 and
it appears that the version of Jackson being used (2.8.10) has two
High/Severe vulnerabilities.

To fix this for camel-jackson we'll need to upgrade as follows:

CVE-2017-17485 - Jackson 2.9.3 or greater
CVE-2018-7489 - Jackson 2.9.5 or greater

I can see that the parent pom on the mainline has been upgraded to
2.9.4 (as part of the Spring Boot 2 migration), so that covers
CVE-2017-17485 'for free'.

More information available here:

https://nvd.nist.gov/vuln/detail/CVE-2017-17485
https://nvd.nist.gov/vuln/detail/CVE-2018-7489

Shall I raise a JIRA to address this (possibly as two separate tickets
to track both issues)?

Thanks,

David


