search

eclipse / microprofile-metrics

microprofile-metrics
Apache License 2.0
100 stars 66 forks source link

There is a vulnerability in jackson-databind 2.9.9.1 ,upgrade recommended #618

Closed QiAnXinCodeSafe closed 2 years ago

QiAnXinCodeSafe commented 3 years ago

https://github.com/eclipse/microprofile-metrics/blob/0048fbd1cad278778f9deec5b1878c2b454467bc/tck/rest/pom.xml#L35

CVE-2020-9547 CVE-2020-9548

Recommended upgrade version:2.9.10.6

Channyboy commented 2 years ago

Succeeded by #655