Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-4161

Update jackson-databind to remediate CVE-2018-5968

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PDB 5.1.5, PDB 5.2.4, PDB 6.0.0
    • Fix Version/s: PDB 5.2.6, PDB 6.0.1
    • Component/s: PuppetDB
    • Labels:
      None
    • Template:
    • Team:
      PuppetDB
    • Method Found:
      Needs Assessment
    • Release Notes:
      Security Fix
    • Release Notes Summary:
      Our dependency on jackson-databind was upgraded to 2.9.7 to fix CVE-2018-7489.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Update jackson-databind dependency to version 2.9.7 (latest) which has a fix for https://nvd.nist.gov/vuln/detail/CVE-2018-5968

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                robert.roland Robert Roland
                Reporter:
                robert.roland Robert Roland
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support