Skip to content

Build is broken because of CVE-2018-7489 #139

Closed
@sapessi

Description

@sapessi
  • Framework version: 1.0.1
  • Implementations: Jersey / Spring / Spring Boot / Spark

Scenario

A Jackson critical vulnerability, CVE-2018-7489, is blocking the build. We are waiting for Jackson 2.9.5 that should address the issue.

Activity

added
CVECritical security vulnerability in dependencies
on Mar 24, 2018
added this to the Release 1.1 milestone on Mar 24, 2018
sapessi

sapessi commented on Apr 2, 2018

@sapessi
ContributorAuthor

Jackson 2.9.5 is out, we will include it in the next release.

sapessi

sapessi commented on Apr 6, 2018

@sapessi
ContributorAuthor

Updated dependency in latest merge. Closing this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    CVECritical security vulnerability in dependencies

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @sapessi

        Issue actions

          Build is broken because of CVE-2018-7489 · Issue #139 · aws/serverless-java-container