Skip to content

Commit

Permalink
Upgrade to Jackson 2.9.10.6
Browse files Browse the repository at this point in the history
https://nvd.nist.gov/vuln/detail/CVE-2020-24750
https://nvd.nist.gov/vuln/detail/CVE-2020-24616

Release notes: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#micro-patches

>  jackson-databind 2.9.10.6 (24-Aug-2020) -- with jackson-bom version 2.9.10.20200824
>
>  * FasterXML/jackson-databind#2798: Block one more gadget type (com.pastdev.httpcomponents, CVE-2020-24750
>  * FasterXML/jackson-databind#2814: Block one more gadget type (Anteros-DBCP, CVE-2020-24616)
>  * FasterXML/jackson-databind#2826: Block one more gadget type (com.nqadmin.rowset)
>  * FasterXML/jackson-databind#2827: Block one more gadget type (org.arrahtec:profiler-core)
  • Loading branch information
joschi committed Nov 11, 2020
1 parent 5a6926b commit 9b876b3
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion metrics-json/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@

<properties>
<javaModuleName>com.codahale.metrics.json</javaModuleName>
<jackson.version>2.9.10.5</jackson.version>
<jackson.version>2.9.10.6</jackson.version>
</properties>

<dependencyManagement>
Expand Down
2 changes: 1 addition & 1 deletion metrics-servlets/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
<javaModuleName>com.codahale.metrics.servlets</javaModuleName>
<papertrail.profiler.version>1.1.1</papertrail.profiler.version>
<servlet.version>3.1.0</servlet.version>
<jackson.version>2.9.10.5</jackson.version>
<jackson.version>2.9.10.6</jackson.version>
</properties>

<dependencyManagement>
Expand Down

0 comments on commit 9b876b3

Please sign in to comment.