Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-3809

Add a puppetdb dependency on jackson-databind to pin to a non-vulnerable version

    XMLWordPrintable

Details

    • Task
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • PDB 4.2.3.7, PDB 5.1.3
    • PDB 4.2.3.8, PDB 5.1.4
    • PuppetDB
    • Data Platform
    • Data Platform 2018-01-31
    • Security Fix
    • PuppetDB's jackson-databind dependency has been updated to 2.9.1, which contains a fix to a security issue. This library is only used in the structured logging module, so most users should be unaffected.
    • Needs Assessment

    Description

      For puppetdb versions included in 2016.4.x and 2017.3.x, we need to add a dependency on jackson-databind that pins to version 2.8.10 or 2.9.1.

      Attachments

        Activity

          People

            Unassigned Unassigned
            morgan Morgan Rhodes
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Zendesk Support