joss depends on jackson-mapper-asl:1.9.11 which has CVE vulnerability CVE-2019-10172

javaswift / joss

Java library for OpenStack Storage, aka Swift

http://javaswift.org

117 stars 108 forks source link

joss depends on jackson-mapper-asl:1.9.11 which has CVE vulnerability CVE-2019-10172 #175

Open sxh850297968 opened 4 years ago

sxh850297968 commented 4 years ago

Hi firend, joss depends on jackson-mapper-asl:1.9.11 which has CVE vulnerability CVE-2019-10172, and jackson-mapper-asl not be updated in the past 7 years. I hava two questions.

How does the CVE vulnerability CVE-2019-10172 affect joss ? can I ignore this CVE ?
Is there any plan to replace jackson-mapper-asl with other software ?

sxh850297968 commented 4 years ago

@robert-bor Please help to confirm this issue, thanks.