KAFKA-13775: CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1 (#… - Githubissues

aiven / kafka

Mirror of Apache Kafka

Apache License 2.0

2 stars 1 forks source link

KAFKA-13775: CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1 (#… #3

Closed jjaakola-aiven closed 1 year ago

jjaakola-aiven commented 2 years ago

…11962)

CVE-2020-36518 vulnerability affects jackson-databind (see GHSA-57j2-w4cx-62h2).

Upgrading to jackson-databind version 2.12.6.1 addresses this CVE.

Reviewers: Luke Chen showuon@gmail.com, Bruno Cadonna cadonna@apache.org

Do not merge

Notes

Cherry-pick of merge commit https://github.com/apache/kafka/commit/f919d9d7858e7e9bcd8b15f1501439670c2198db