  1. Build
  2. BUILD-308

Update resteasy to prevent jackson-databind deserializer security (CVE-2017-7525)


Details

    • Task
    • Resolution: Done
    • Neutral
    • BOM 5.7
    • None
    • None
    • Yes
    • Saigon 147
    • 3

    Description

      According to jackson-databind, the fix for CVE-2017-7525 was introduced in 2.8.9. See https://github.com/FasterXML/jackson-databind/issues/1599.

       

      Note: There are some updates from jackson related to other CVE issues: https://github.com/FasterXML/jackson-databind/issues?utf8=%E2%9C%93&q=label%3ACVE+. So it would be good if we could use a resteasy shipped with a newer jackson-databind (like 2.9.5, 2.8.11.1).


              People

                oanh.thai Oanh Thai Hoang


                    Time Tracking

                      Estimated: Not Specified
                      Remaining: 0d
                      Logged: 1.25d