Uploaded image for project: 'SET - Setups'
  1. SET - Setups
  2. SET-185

Update Jackson Databind version to >= 2.9.10.1 due to 3rd party vulnerability issues (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942)

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • None
    • 1.12.11, 1.13.2
    • None

    Description

      Current Situation

      Currently JOC Cockpit and JobScheduler use Jackson Databind version 2.9.10.
      Vulnerabilities affect this version, see CVE-2019-17531, CVE-2019-16943 and CVE-2019-16942

      Desired Behavior

      Due to a vulnerability Issue of older Jackson releases the JOC Cockpit as well as the JobScheduler should use the current version 2.9.10.1 that fixes the issues.

      Attachments

        Activity

          People

            oh Oliver Haufe
            oh Oliver Haufe
            Kanika Agrawal Kanika Agrawal
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: