Uploaded image for project: 'SET - Setups'
  1. SET - Setups
  2. SET-193

Update Jackson Databind version to >= 2.9.10.4 due to 3rd party vulnerability issues (CVE-2020-11620)

    XMLWordPrintable

Details

    • Fix
    • Status: Released (View Workflow)
    • Minor
    • Resolution: Fixed
    • 1.13.3
    • 1.13.4
    • None
    • CVE-2020-11620

    Description

      Current Situation

      • Currently JOC Cockpit and JobScheduler use Jackson Databind version 2.9.10.3
      • A vulnerability affects this Jackson Databind version, seeĀ https://nvd.nist.gov/vuln/detail/CVE-2020-11620
      • JOC Cockpit and JobScheduler are not affected by the vulnerability

      Desired Behavior

      • Due to a vulnerability Issue of older Jackson releases the JOC Cockpit as well as the JobScheduler should use the current version 2.9.10.4 that fixes the issues.

      Attachments

        Activity

          People

            sp Santiago Aucejo Petzoldt
            sp Santiago Aucejo Petzoldt
            Kanika Agrawal Kanika Agrawal
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: