Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-728

Update Jackson Databind version to >= 2.9.9.2 due to vulnerability issue (CVE-2019-14379, CVE-2019-14439)

    XMLWordPrintable

    Details

    • CVE-ID:
      CVE-2019-14379, CVE-2019-14439

      Description

      Current Situation

      Desired Behavior

      • Due to a vulnerability Issue of older Jackson releases the JOC Cockpit as well as the JobScheduler should use the current version 2.9.9.2 that fixes the issues.

      Maintainer Notes

      Release 1.11 that includes Jackson version 2.4.3 is at its end of life. Therefore no maintenance release is provided.
      Users of release 1.11 should therefore upgrade to release 1.12.10.

        Attachments

          Activity

            People

            • Assignee:
              sp Santiago Aucejo Petzoldt
              Reporter:
              ap Andreas Püschel
              Approver:
              Kanika Agrawal
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: