Open junaidwarsivd opened 1 year ago
@fmbenhassine do you have sometime to look at this and maybe merge it?
Yes. I am planning to do a release soon. I will make sure to include updated dependencies.
Any update on this?
@junaidwarsivd Thank you very much. I have updated my project from your fork 😄 👍
@fmbenhassine Any update on the release? Also possible to look into this issue where exception is happening in JDK 21. Thanks a lot!
Why not merge?
current version of Jackson being used in release easyrules release (4.1.0) has a vulnerability issues Deserialization of Untrusted Data (High) - CWE-502 XML External Entity (XXE) Injection (High) - CWE-611 - CVE-2020-25649 Denial of Service (DoS) - CWE-400 this PR is for the upgrade for jackson databind dependency which covers the issues mentioned above