[jboss-jira] [JBoss JIRA] (WFCORE-4864) Bump the jackson databind test dep to 2.10.1
Jeff Mesnil (Jira)
issues at jboss.org
Thu Mar 19 11:34:13 EDT 2020
[ https://issues.redhat.com/browse/WFCORE-4864?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeff Mesnil updated WFCORE-4864:
--------------------------------
Summary: Bump the jackson databind test dep to 2.10.1 (was: Bump the jackson databind test dep to 2.10.1 or 2.9.10.3)
> Bump the jackson databind test dep to 2.10.1
> --------------------------------------------
>
> Key: WFCORE-4864
> URL: https://issues.redhat.com/browse/WFCORE-4864
> Project: WildFly Core
> Issue Type: Component Upgrade
> Components: Security, Test Suite
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
> Priority: Major
> Fix For: 12.0.0.Beta1
>
>
> Address https://github.com/advisories/GHSA-gww7-p5w4-wrfv and https://github.com/advisories/GHSA-4w82-r329-3q67
> This is just a test dep but might as well clear these.
> Full WildFly uses 2.10.1 so that's preferred. But if the test fixture that uses databind doesn't work with that, go for 2.9.10.3.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list