Security: Bump jackson-databind to 2.13.2.2 #566

Merged
merged 2 commits into from Mar 30, 2022

evansims
Member

@evansims evansims commented Mar 26, 2022

This PR bumps the jackson-databind dependency to 2.13.2.2 to address CVE-2020-36518 in that library.


Re: https://togithub.com/FasterXML/jackson-databind/issues/3428
Build is currently failing due to an upstream issue; holding until resolved.

--

A package fix was released as 2.13.2.2. I've updated the PR and marked as ready for review.

This PR bumps the `jackson-databind` dependency to 2.13.2.1 to address [CVE-2020-36518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518) in that library.
@evansims evansims added the "CH: Security" and "dependencies" (One or more dependencies are being bumped) labels Mar 26, 2022
@evansims evansims changed the title from "Security: Bump jackson-databind to 2.13.2.1" to "Security: Bump jackson-databind to 2.13.2.2" Mar 29, 2022
@evansims evansims added the "review:tiny" (Tiny review) label Mar 29, 2022
@evansims evansims marked this pull request as ready for review March 29, 2022 18:11
@evansims evansims requested a review from a team as a code owner March 29, 2022 18:11
@poovamraj poovamraj added this to the v3-Next milestone Mar 30, 2022
@poovamraj poovamraj merged commit dd22f32 into master Mar 30, 2022
@poovamraj poovamraj modified the milestones: v3-Next, 3.19.1 Mar 30, 2022
@poovamraj poovamraj mentioned this pull request Mar 30, 2022
@evansims evansims deleted the security/bump-jackson-databind branch July 5, 2022 21:13
Labels
"CH: Security", "dependencies" (One or more dependencies are being bumped), "review:tiny" (Tiny review)
3 participants