New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(fix) upgrade jackson for jackson-databind is vulnerable to Deserialisation #260

Merged

thomaszurkan-optimizely merged 1 commit into master from sourceClearFix

Feb 4, 2019

Contributor

thomaszurkan-optimizely commented Jan 31, 2019

Summary

Sourceclear flagged jackson-databind 2.9.4 fixed in 2.9.8

https://www.sourceclear.com/vulnerability-database/security/deserialisation/java/sid-8107


          upgrade jackson for jackson-databind is vulnerable to Deserialisation

a97e3ae

thomaszurkan-optimizely requested review from nchilada and mikeproeng37

January 31, 2019 22:39

nchilada approved these changes

View reviewed changes

Contributor

nchilada left a comment •

edited

Loading

Thanks for the quick start!

coveralls commented Jan 31, 2019

Pull Request Test Coverage Report for Build 867

0 of 0 changed or added relevant lines in 0 files are covered.
No unchanged relevant lines lost coverage.
Overall coverage remained the same at 89.545%

Totals
Change from base Build 862:	0.0%
Covered Lines:	2715
Relevant Lines:	3032

💛 - Coveralls

thomaszurkan-optimizely merged commit fb64500 into master

thomaszurkan-optimizely deleted the sourceClearFix branch

February 4, 2019 18:44

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet