Update jackson.version to 2.9.10 to address CVE-2019-14540 & CVE-2019-16335
Update jackson.version in dropwizard-bom from 2.9.9.20190807 to 2.9.10.
This addresses two CVEs, both with a CVSS v3.1 score of 9.8.
The update should be done for both the release/1.3.x branch and for master (2.0.x).
Issue Analytics
- State:
- Created 4 years ago
- Comments:5 (4 by maintainers)
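A build-time check for the change requested above, as an added example that is not part of the original issue or of Dropwizard's code: it reads the jackson.version property from a POM and reports whether it is below 2.9.10, comparing components numerically because a plain string comparison sorts 2.9.9.20190807 after 2.9.10. The sample POMs, the function names and the restriction to purely numeric dotted versions are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

FIXED = "2.9.10"  # version requested in the issue above

# Constructed sample POMs (not the real dropwizard-bom), one per side of the change.
OLD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson.version>2.9.9.20190807</jackson.version></properties>
</project>"""
NEW_POM = OLD_POM.replace("2.9.9.20190807", FIXED)

def local_name(element):
    """Drop the '{namespace}' prefix ElementTree puts on Maven tags."""
    return element.tag.rsplit("}", 1)[-1]

def jackson_version(pom_xml, prop="jackson.version"):
    """Return the text of <properties>/<prop> in a POM, or None if it is absent."""
    root = ET.fromstring(pom_xml)
    for section in root:
        if local_name(section) != "properties":
            continue
        for entry in section:
            if local_name(entry) == prop and entry.text:
                return entry.text.strip()
    return None

def version_key(version):
    """Turn '2.9.9.20190807' into (2, 9, 9, 20190807) for numeric comparison."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"not a plain dotted version: {version!r}")
    return tuple(int(part) for part in version.split("."))

def needs_update(pom_xml):
    """True when the POM pins jackson.version below FIXED."""
    version = jackson_version(pom_xml)
    if version is None:
        raise ValueError("POM has no jackson.version property")
    return version_key(version) < version_key(FIXED)

if __name__ == "__main__":
    for name, pom in (("old", OLD_POM), ("new", NEW_POM)):
        print(name, jackson_version(pom), "needs update:", needs_update(pom))
    # A plain string comparison orders these two versions the wrong way round.
    print("string compare says old < fixed:", "2.9.9.20190807" < FIXED)
```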
Top Results From Across the Web
- Update Jackson to 2.9.10 · Issue #155 · dakrone/cheshire
  Security fixes available in version 2.9.10 for: CVE-2019-16335 CVE-2019-14540 FasterXML/jackson-databind#2410 ...
- Upgrade jackson to version 2.9.10 due to CVE-2019-16335 ...
  Upgrade jackson to version 2.9.10 due to CVE-2019-16335 and CVE-2019-14540 ... This is a different vulnerability than CVE-2019-14540.
- CSCvs47971 - jackson-databind Upgrade from 2.9 ... - Cisco Bug
  Symptom: Cisco DNA Assurance includes a version of jackson-databind that is affected by the vulnerabilities identified by the following ...
- Debian Bug report logs - #940498 jackson-databind
  CVE-2019-14540 [0]: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.
- Deserialization of Untrusted Data in jackson-annotations | Snyk
  Upgrade RHEL:8 jackson-annotations to version 0:2.10.0-1.module+el8.2.0+5059+3eb3af25 or higher. This issue was patched in RHSA-2020:1644.
@richmidwinter @msymons Dropwizard 1.3.15 should hit Maven Central within the hour.
@richmidwinter @msymons We’re currently blocked by some flakey behavior of Sonatype OSS when trying to deploy artifacts. Once these issues have been resolved, we’ll publish Dropwizard 1.3.15.