Closed ksh-t-z closed 6 days ago
Description: The git-changelog-command-line project is currently using outdated versions of Jackson libraries:
com.fasterxml.jackson.core:jackson-core:2.5.3
com.fasterxml.jackson.core:jackson-databind:2.5.3
com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.5.3
These versions have multiple Critical and High CVEs associated with them, which are flagged during security scans of the Docker image.
Proposed Solution: Update the Jackson dependencies to the latest version 2.17.1:
com.fasterxml.jackson.core:jackson-core:2.17.1
com.fasterxml.jackson.core:jackson-databind:2.17.1
com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.1
The latest versions can be found here.
Benefits:
References:
Thank you for considering this update to improve the security of the project.
Stepping dependencies and releasing now.
Thanks @tomasbjerre for the quick resolution
Could you please also release the image tag on Docker Hub?
Image released now.
Thanks again