Skip to content

Build is broken because of CVE-2018-7489 #139

New issue
New issue
Closed
Closed
Build is broken because of CVE-2018-7489#139
Labels
CVECritical security vulnerability in dependencies
Milestone
 
Release 1.1
@sapessi

Description

@sapessi
sapessi
opened on Mar 24, 2018
  • Framework version: 1.0.1
  • Implementations: Jersey / Spring / Spring Boot / Spark

Scenario

A Jackson critical vulnerability, CVE-2018-7489, is blocking the build. We are waiting for Jackson 2.9.5 that should address the issue.

Activity

sapessi
added
CVECritical security vulnerability in dependencies
on Mar 24, 2018
sapessi
added this to the Release 1.1 milestone on Mar 24, 2018
sapessi

sapessi commented on Apr 2, 2018

@sapessi
sapessi
on Apr 2, 2018
ContributorAuthor

Jackson 2.9.5 is out, we will include it in the next release.

sapessi
added a commit that references this issue on Apr 5, 2018

Bump in Jackson version to address #139.

6c90756
sapessi
mentioned this on Apr 6, 2018
sapessi

sapessi commented on Apr 6, 2018

@sapessi
sapessi
on Apr 6, 2018
ContributorAuthor

Updated dependency in latest merge. Closing this issue.

sapessi
closed this as completedon Apr 6, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    CVECritical security vulnerability in dependencies

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @sapessi

        Issue actions
          Build is broken because of CVE-2018-7489 · Issue #139 · aws/serverless-java-container