oVirt / vdsm-jsonrpc-java

JSON RPC Java client for oVirt

Bump fasterxml jackson to avoid CVEs #23

Closed arso closed 2 years ago

arso commented 2 years ago

Sonatype reports [1] that the currently used version does have CVEs marked as high [2][3]. Bumping the minor version to get rid of them.

[1] https://sbom.lift.sonatype.com/report/T1-a0368c8f29fdaa555824-86f3333f31f08-1658829333-6e6c305c50524115b94d30624caabdb0

[2] https://ossindex.sonatype.org/vulnerability/CVE-2020-36518?component-type=maven&component-name=com.fasterxml.jackson.core%2Fjackson-databind&utm_source=ossindex-client&utm_medium=integration&utm_content=1.7.0

[3] https://ossindex.sonatype.org/vulnerability/sonatype-2021-4682?component-type=maven&component-name=com.fasterxml.jackson.core%2Fjackson-databind&utm_source=ossindex-client&utm_medium=integration&utm_content=1.7.0

Signed-off-by: Artur Socha <asocha@redhat.com>

arso commented 2 years ago

/ost