  1. Build
  2. BUILD-308

Update resteasy to prevent jackson-databind deserializer security (CVE-2017-7525)


    • Task
    • Resolution: Done
    • Neutral
    • BOM 5.7
    • None
    • None
    • Yes
    • Saigon 147
    • 3

      According to jackson-databind, the fix for CVE-2017-7525 was introduced in 2.8.9. See https://github.com/FasterXML/jackson-databind/issues/1599.

       

      Note: There are some updates from jackson related to other CVE issues: https://github.com/FasterXML/jackson-databind/issues?utf8=%E2%9C%93&q=label%3ACVE+. So it would be good if we could use a resteasy that ships with a newer jackson-databind (like 2.9.5 or 2.8.11.1).
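
One way to verify the outcome of this task, as an added example that is not part of the original ticket: scan `mvn dependency:tree` output for every jackson-databind version that resteasy or anything else pulls in, and flag those below the 2.8.9 threshold stated above. The sample tree, the `org.example:app` coordinates and the `X.Y.Z.Final` resteasy version are constructed placeholders, and the function names are hypothetical.

```python
import re

# Threshold taken from the ticket: the CVE-2017-7525 fix is in 2.8.9 and later.
MIN_FIXED = (2, 8, 9)

# Maven dependency:tree coordinates look like group:artifact:type:version[:scope].
COORD = re.compile(
    r"com\.fasterxml\.jackson\.core:jackson-databind:[\w-]+:(?P<version>[^:\s]+)"
)

# Constructed sample output; not taken from any real build.
SAMPLE_TREE = """\
[INFO] org.example:app:war:1.0
[INFO] +- org.jboss.resteasy:resteasy-jackson2-provider:jar:X.Y.Z.Final:compile
[INFO] |  \\- com.fasterxml.jackson.core:jackson-databind:jar:2.8.6:compile
[INFO] \\- com.fasterxml.jackson.core:jackson-databind:jar:2.8.11.1:runtime
"""


def parse_version(text):
    """Turn '2.8.11.1' into (2, 8, 11, 1).

    Parsing stops at the first non-numeric part, so qualifiers such as
    '-SNAPSHOT' are ignored rather than compared.
    """
    parts = []
    for piece in re.split(r"[.\-]", text):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def is_fixed(version):
    """True when the version is at or above the ticket's 2.8.9 threshold."""
    parsed = parse_version(version)
    # Pad short versions so that '2.9' compares as (2, 9, 0).
    parsed += (0,) * (len(MIN_FIXED) - len(parsed))
    return parsed >= MIN_FIXED


def audit(tree_output):
    """Return (version, is_fixed) for each jackson-databind entry found."""
    return [
        (m.group("version"), is_fixed(m.group("version")))
        for m in COORD.finditer(tree_output)
    ]


if __name__ == "__main__":
    for version, ok in audit(SAMPLE_TREE):
        print(f"jackson-databind {version}: {'ok' if ok else 'BELOW 2.8.9'}")
```

The check applies only the single threshold named in this ticket; the other CVE-labelled jackson-databind issues linked above would each need their own minimum version.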

        Acceptance criteria

              oanh.thai Oanh Thai Hoang
              oanh.thai Oanh Thai Hoang

                Created:
                Updated:
                Resolved:

                  Task DoR

                    Estimated: Not Specified
                    Remaining: 0d
                    Logged: 1.25d