New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade Jackson-databind #869
base: master
Are you sure you want to change the base?
Conversation
@shoothzj and @kallestenflo heres the pull request for the update to the jackson-databind CVE. This would resolve the CVE, but unsure if the tool can support this update |
@shoothzj Thanks for the approvals! Looking forward to this being merged |
Hey, wanted to circle back on this to see if this is something that will get merged. @shoothzj |
Curious about merge plan? |
I am too. Not sure whom to @ mention to get this merged |
@kallestenflo we had another request to fix this. How do we move forward? @shoothzj |
I am sorry, I am not maintainer of this project. Let me see if I can send mail to him. @kallestenflo |
@shoothzj thanks. Much appreciated. Sorry to bother. Might make sense to release the next version soon too after this gets merged to have that version fix the vulns |
Looks like this project could need a new maintainer?? @kallestenflo |
Upgrading Jackson-databind to mitigate CVEs in 2.13.2.2. This requires 2.13.4.2