CVE-2022-42004 - Update jackson version · Issue #588 · cloudevents/sdk-java · GitHub

8000 CVE-2022-42004 - Update jackson version · Issue #588 · cloudevents/sdk-java · GitHub

CVE-2022-42004 - Update jackson version #588

Closed

Closed

CVE-2022-42004 - Update jackson version#588

Assignees

638A

cloudevents-jackson-json still uses jackson 2.13.3, which is vulnerable: https://nvd.nist.gov/vuln/detail/CVE-2022-42004

I can prepare an PR. Which version would be appropriate? Current versions are 2.13.5, 2.14.3, 2.15.2.
#575 and #577 bumped jackson-dataformat-yaml to 2.15.2 in cloudevents-sql, I guess that is the most reasonable choice.

Metadata

Assignees

stummb

Labels

No labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

0