Closed kittsville closed 4 years ago
Merging #526 into develop will not change coverage by
%
. The diff coverage isn/a
.
@@ Coverage Diff @@
## develop #526 +/- ##
========================================
Coverage 91.76% 91.76%
========================================
Files 267 267
Lines 4763 4763
Branches 284 284
========================================
Hits 4371 4371
Misses 392 392
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update d874b1a...d6d8086. Read the comment docs.
Finatra has been updated to Jackson 2.11 in e265ba87c5ff6cecc88b65dd050e0cf1a23df698. This should be in the next release, 20.5.0.
Problem
Jackson Databind has multiple critical vulnerabilities:
Solution
Upgrade Jackson Databind to the latest supported version. Version
2.10.X
can't be used yet, see #511Result
Finatra is no longer vulnerable to 2 of the vulnerabilities. Once
2.9.10.4
is released another PR can be raised to fix: