Closed jjaakola-aiven closed 1 year ago
…11962)
CVE-2020-36518 vulnerability affects jackson-databind (see GHSA-57j2-w4cx-62h2).
Upgrading to jackson-databind version 2.12.6.1 addresses this CVE.
Reviewers: Luke Chen showuon@gmail.com, Bruno Cadonna cadonna@apache.org
Cherry-pick of merge commit https://github.com/apache/kafka/commit/f919d9d7858e7e9bcd8b15f1501439670c2198db
This looks fine to me, I also looked up the change for the removal of ScalaObjectMapper to verify.
ScalaObjectMapper
…11962)
CVE-2020-36518 vulnerability affects jackson-databind (see GHSA-57j2-w4cx-62h2).
Upgrading to jackson-databind version 2.12.6.1 addresses this CVE.
Reviewers: Luke Chen showuon@gmail.com, Bruno Cadonna cadonna@apache.org
Do not merge
Notes
Cherry-pick of merge commit https://github.com/apache/kafka/commit/f919d9d7858e7e9bcd8b15f1501439670c2198db