ja-garcia
commented
4 years ago Este issue queda pospuesto intencionadamente, tras comprobar como parte de #46, que existe incompatiblidad del upgrade de jackson-databind (subir el minor por encima de la 2.6) con spring-boot-starter-actuator 1.3.8. Por lo tanto, sería recomendable abordar este issue conjuntamemnte a #4 (además, también se ha probado el upgrade de spring-boot, por encima de la versión 1.3, pero requiere migrar a log4j2).
Actualizar com.fasterxml.jackson.core:jackson-databind a la versión mínima 2.9.10.7. Actualmente el proyecto tiene una dependencia con com.fasterxml.jackson.core:jackson-databind:2.6.7
Los CVEs reportados para las versiones previas a com.fasterxml.jackson.core:jackson-databind:2.9.10.7 son:
https://nvd.nist.gov/vuln/detail/CVE-2020-25649 https://nvd.nist.gov/vuln/detail/CVE-2021-20190 https://nvd.nist.gov/vuln/detail/CVE-2018-5968 https://nvd.nist.gov/vuln/detail/CVE-2019-17267 https://nvd.nist.gov/vuln/detail/CVE-2020-9548 https://nvd.nist.gov/vuln/detail/CVE-2020-9547 https://nvd.nist.gov/vuln/detail/CVE-2020-10673 https://nvd.nist.gov/vuln/detail/CVE-2019-14892 https://nvd.nist.gov/vuln/detail/CVE-2020-8840 https://nvd.nist.gov/vuln/detail/CVE-2019-20330 https://nvd.nist.gov/vuln/detail/CVE-2017-7525 https://nvd.nist.gov/vuln/detail/CVE-2019-16943 https://nvd.nist.gov/vuln/detail/CVE-2019-17531 https://nvd.nist.gov/vuln/detail/CVE-2019-16942 https://nvd.nist.gov/vuln/detail/CVE-2019-12384 https://nvd.nist.gov/vuln/detail/CVE-2019-16335 https://nvd.nist.gov/vuln/detail/CVE-2019-14540 https://nvd.nist.gov/vuln/detail/CVE-2019-14379 https://nvd.nist.gov/vuln/detail/CVE-2019-14439 https://nvd.nist.gov/vuln/detail/CVE-2019-12814 https://nvd.nist.gov/vuln/detail/CVE-2018-11307 https://nvd.nist.gov/vuln/detail/CVE-2019-12086 https://nvd.nist.gov/vuln/detail/CVE-2018-12022 https://nvd.nist.gov/vuln/detail/CVE-2017-17485 https://nvd.nist.gov/vuln/detail/CVE-2017-15095 https://nvd.nist.gov/vuln/detail/CVE-2018-7489