aiven / kafka

Mirror of Apache Kafka
Apache License 2.0
KAFKA-13775: CVE-2020-36518 - Upgrade jackson-databind to 2.12.6.1 (#… #4

Closed jjaakola-aiven closed 1 year ago

jjaakola-aiven commented 2 years ago

…11962)

CVE-2020-36518 vulnerability affects jackson-databind (see GHSA-57j2-w4cx-62h2).

Upgrading to jackson-databind version 2.12.6.1 addresses this CVE.

Reviewers: Luke Chen <showuon@gmail.com>, Bruno Cadonna <cadonna@apache.org>

Do not merge

Notes

Cherry-pick of merge commit https://github.com/apache/kafka/commit/f919d9d7858e7e9bcd8b15f1501439670c2198db

mdedetrich commented 2 years ago

This looks fine to me. I also looked up the change for the removal of ScalaObjectMapper to verify.