Upgrade Jackson-databind #869
Conversation
|
@shoothzj and @kallestenflo heres the pull request for the update to the jackson-databind CVE. This would resolve the CVE, but unsure if the tool can support this update |
|
@shoothzj Thanks for the approvals! Looking forward to this being merged |
|
Hey, wanted to circle back on this to see if this is something that will get merged. @shoothzj |
|
Curious about merge plan? |
|
I am too. Not sure whom to @ mention to get this merged |
|
@kallestenflo we had another request to fix this. How do we move forward? @shoothzj |
|
I am sorry, I am not maintainer of this project. Let me see if I can send mail to him. @kallestenflo |
|
@shoothzj thanks. Much appreciated. Sorry to bother. Might make sense to release the next version soon too after this gets merged to have that version fix the vulns |
|
Looks like this project could need a new maintainer?? @kallestenflo |
Upgrading Jackson-databind to mitigate CVEs in 2.13.2.2. This requires 2.13.4.2