search

twitter / finagle

A fault tolerant, protocol-agnostic RPC system
https://twitter.github.io/finagle
Apache License 2.0
8.78k stars 1.45k forks source link

Finagle `22.7.0` uses vulnerable `jackson-databind` dependency: `2.13.3` #939

Closed the-lazy-val closed 10 months ago

the-lazy-val commented 1 year ago

Describe the bug Finagle 22.7.0 uses vulnerable jackson-databind dependency: 2.13.3 ref:

To Reproduce NA

Expected behavior NA

Screenshots NA

Environment NA

Additional context NA

mattdickinson5 commented 10 months ago

Jackson was bumped to 2.14.3 previously