[SET-184] Update Jackson Databind version to >= 2.9.10 due to 3rd party vulnerability issues CVE-2019-16335 and CVE-2019-14540 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 1.12.10, 1.13.0
Fix Version/s: 1.12.11, 1.13.1
Labels:
None

CVE-ID:
CVE-2019-16335, CVE-2019-14540

Description

Current Situation

Currently JOC Cockpit and JobScheduler use Jackson Databind version 2.9.9.2.
A vulnerability affects this version, see https://www.cvedetails.com/cve/CVE-2019-16335/ and https://www.cvedetails.com/cve/CVE-2019-14540/

Desired Behavior

Due to a vulnerability Issue of older Jackson releases the JOC Cockpit as well as the JobScheduler should use the current version 2.9.10 that fixes the issues.

Attachments

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Santiago Aucejo Petzoldt

Approver:: Oliver Haufe

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01 October 2019 09:02

Updated:: 29 July 2020 21:32

Resolved:: 01 October 2019 10:30