Closed pavanyalamanchili007 closed 2 years ago
@pavanyalamanchili007 Please sign the Contributor License Agreement!
Click here to manually synchronize the status of this Pull Request.
See the FAQ for frequently asked questions.
@pavanyalamanchili007 Thank you for signing the Contributor License Agreement!
@scottfrederick please review this and consider it. Version 2.11.4 has fewer vulnerabilities
This will be very helpful for many of us. Several of our applications are affected due to this
I have been able to identify only one Jackson Databind CVE that has been reported against the version of Jackson being used by Spring Cloud Connectors, which was discussed in issue #315. As discussed in that issue, the CVE does not affect the Jackson Databind classes that Connectors uses.
Can you point to other CVEs that are relevant to the Jackson version currently used by this project?
I can only find that CVE. But popular Scanning tools are flagging this library due to Jackson vulnerability. Hence the request. I understand this particular CVE might not affect current version.
Superseded by 98207f2f02f49cab56c91062f2e3c40b7f4c01cf
Jackson Version bump to 2.11.4