newrelic / newrelic-lambda-layers

Source code and utilities to build and publish New Relic's public AWS Lambda layers.
https://newrelic.com/products/serverless-aws-lambda
Apache License 2.0

Upgrade jackson-databind:2.12.2 #282

Closed kanderson250 closed 1 hour ago

kanderson250 commented 4 hours ago

The current jackson-databind dependency has some CVEs. Upgrade to a stable version per this GTSE.

workato-integration[bot] commented 4 hours ago

https://new-relic.atlassian.net/browse/NR-338363

deleonenriqueta commented 1 hour ago

The GTSE was referencing an outdated version of the Lambda Layer, v2.2.1.13_java. The latest version, v2.4.1_java, includes an updated version of the jackson-databind library that resolves those reported vulnerabilities. The recommendation for the customer is to upgrade to the latest version of the Lambda Layer.