[jboss-jira] [JBoss JIRA] (WFLY-6713) Upgrade Jackson to 2.8.x due to CVE-2016-3720
Tomaz Cerar (JIRA)
issues at jboss.org
Wed Jun 15 09:23:00 EDT 2016
[ https://issues.jboss.org/browse/WFLY-6713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13252900#comment-13252900 ]
Tomaz Cerar commented on WFLY-6713:
-----------------------------------
Also jackson-core 2.8 is still at CR1 release, we should at least wait for GA release before upgrading.
Currently we are using jackson 2.7.3 which looking at CVE report is not affected.
> Upgrade Jackson to 2.8.x due to CVE-2016-3720
> ---------------------------------------------
>
> Key: WFLY-6713
> URL: https://issues.jboss.org/browse/WFLY-6713
> Project: WildFly
> Issue Type: Component Upgrade
> Components: REST
> Reporter: Juergen Zimmermann
> Assignee: Stuart Douglas
>
> Jackson 2.7.4 is currently used, but reported at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3720
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list