Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade jackson-databind in Main Standalone Jar #15748

Closed
mn-mikke opened this issue Sep 12, 2023 · 2 comments · Fixed by #16169
Closed

Upgrade jackson-databind in Main Standalone Jar #15748

mn-mikke opened this issue Sep 12, 2023 · 2 comments · Fixed by #16169
Assignees
@valenad1
Labels
bug
Milestone
3.46.0.4

Comments

@mn-mikke
Copy link
Collaborator

mn-mikke commented Sep 12, 2023
edited
Loading

The current version has the following vulnerabilities.:

  • PRISMA-2023-0067
@mn-mikke mn-mikke added this to the 3.44.0.1 milestone Sep 12, 2023
@mn-mikke mn-mikke self-assigned this Sep 12, 2023
mn-mikke added a commit that referenced this issue Sep 12, 2023
@mn-mikke
[GH-15748] Upgrade jackson-databind in Main Standalone Jar
7ce4bd5
@mn-mikke mn-mikke mentioned this issue Sep 12, 2023
Closed
mn-mikke added a commit that referenced this issue Sep 13, 2023
@mn-mikke
Merge branch 'master' into mn/GH-15748
bbfb2da
mn-mikke added a commit that referenced this issue Sep 13, 2023
@mn-mikke
Merge branch 'master' into mn/GH-15748
00530ce
@mn-mikke
Copy link
Collaborator Author

This feature will require support for Java 19. Putting on hold for now.

@mn-mikke mn-mikke modified the milestones: 3.44.0.1, 3.46.0.1 Sep 18, 2023
@wendycwong
Copy link
Contributor

wendycwong commented Jan 30, 2024
edited
Loading

Hello, I am building an application using h2o but my container scanner has flagged a vulnerability for one of your Java dependencies (com.fasterxml.jackson.core). Could you please bump the version from 2.14.2 to 2.15.0 in the next release? Below you will see the output of the scanner. Thanks!

"vulnerabilities": [
{
"CVE": "PRISMA-2023-0067",
"CVSS": "7.50",
"Fixed On": "24 Apr 23 00:00 UTC",
"Link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=PRISMA-2023-0067",
"Package Name": "com.fasterxml.jackson.core_jackson-core",
"Package Type": "Java",
"Package Version": "2.14.2",
"Severity": "high",
"Status": "fixed in 2.15.0"
}]

support ticket: https://support.h2o.ai/a/tickets/107321
https://support.h2o.ai/a/tickets/104745

@wendycwong wendycwong mentioned this issue Jan 30, 2024
Closed
@mn-mikke mn-mikke modified the milestones: 3.46.0.1, 3.48.0.1 Jan 31, 2024
@mn-mikke mn-mikke assigned valenad1 and unassigned mn-mikke and valenad1 Jan 31, 2024
@valenad1 valenad1 mentioned this issue Mar 18, 2024
Closed
@mohamedasni mohamedasni modified the milestones: 3.48.0.1, 3.46.0.2 Apr 22, 2024
@valenad1 valenad1 mentioned this issue Apr 22, 2024
Merged
@valenad1 valenad1 linked a pull request May 4, 2024 that will close this issue
GH-15748 jackson-databind upgrade in main.jar #16169
Merged
@valenad1 valenad1 modified the milestones: 3.46.0.2, 3.48.0.1 May 9, 2024
@valenad1 valenad1 modified the milestones: 3.48.0.1, 3.46.0.4 Jun 26, 2024
@valenad1 valenad1 added the bug label Jul 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@valenad1 valenad1

Labels
bug
Projects
None yet
Milestone
3.46.0.4
4 participants
@mn-mikke @mohamedasni @wendycwong @valenad1