[JOC-666] Update jackson-databind version to 2.9.8 due to 3rd party vulnerability issues in jackson (CVE-2018-19360, CVE-2018-19362, CVE-2018-19361, CVE-2018-14720, CVE-2018-14721, CVE-2018-14719, CVE-2018-14718, CVE-2018-7489) - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 1.12.8
Fix Version/s: 1.12.9, 2.0.0
Component/s: None
Labels:
None

CVE-ID:
CVE-2018-19360, CVE-2018-19362, CVE-2018-19361, CVE-2018-14720, CVE-2018-14721, CVE-2018-14719, CVE-2018-14718, CVE-2018-7489

Description

Current Situation

Currently JOC Cockpit uses 3rd party library jackson-databind version 2.9.7.
A number of vulnerabilities affect this version, see https://www.cvedetails.com/

Desired Behavior

Due to vulnerability Issues of older jackson-databind releases the JOC Cockpit should use the current version 2.9.8 that fixes the issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Oliver Haufe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15 January 2019 14:04

Updated:: 29 July 2020 21:33

Resolved:: 15 January 2019 14:53