eclipse-vertx / vertx-junit5

Testing Vert.x applications with JUnit 5
Apache License 2.0

Transitive Dependency on Jackson-Core 2.9.8 has CVE-2019-12086 #62

Closed: bruecky closed 5 years ago

bruecky commented 5 years ago

Can you guys fix whatever dependency this project has that pulls in the transitive dependency on Jackson Core 2.9.8 which has [CVE-2019-12086] Information Exposure (see https://ossindex.sonatype.org/vuln/5bbadb96-496f-4534-a513-7a6396f54029)? Jackson 2.9.9 fixes the issue. Thanks!

jponge commented 5 years ago

This will be fixed in the next Vert.x release (3.8).

Note that the attack surface with that CVE for Vert.x is extremely limited, and hardly any issue for tests.

/cc @vietj