Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-1270

Update jackson-databind to 2.13.2.1 due to 3rd party vulnerability issue CVE-2020-36518

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 1.13.12, 2.2.3
    • 1.13.13, 2.3.0
    • None
    • None
    • CVE-2020-36518

    Description

      Current Situation

      Desired Behavior

      • Due to a vulnerability Issue of older jackson-databind releases JOC Cockpit (JS1 and JS7), Agent (JS1 and JS7) and Master (JS1 only) should make use of the current version 2.13.2.1 that fixes the issue.
      • Additionally jackson-core, jackson-annotations, jackson-module-jaxb-annotations and jackson-dataformat-xml have to be updated to version 2.13.2 also, as jackson-databind is not downward compatible to older versions of jackson-core.

      Attachments

        Activity

          People

            sp Santiago Aucejo Petzoldt
            sp Santiago Aucejo Petzoldt
            Divyani Rathore Divyani Rathore
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: