[JOC-588] Update Jackson version to >= 2.9.5 due to 3rd party vulnerability issue in Jackson (CVE-2018-7489) - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.12.7
Component/s: JOC Cockpit Web Service
Labels:
None

CVE-ID:
CVE-2018-7489

Description

Current Situation

Currently JOC Cockpit and JobScheduler use Jackson version 2.4.3.
A vulnerability affects this version, see https://www.cvedetails.com/cve/CVE-2018-7489/

Desired Behavior

Due to a vulnerability Issue of older Jackson releases the JOC Cockpit as well as the JobScheduler should use the current version 2.9.7 that fixes the issues.

Maintainer Notes

Release 1.11 that includes Jackson version 2.4.3 is at its end of life. Therefore no maintenance release is provided.
Users of release 1.11 should therefore upgrade to release 1.12.

Attachments

Issue Links

links to

https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2018-7489

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Andreas Püschel

Approver:: Oliver Haufe

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17 October 2018 08:18

Updated:: 29 July 2020 21:31

Resolved:: 17 October 2018 12:19