Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG][Java Client][Security] Please upgrade dependency libraries to latest version:com.fasterxml.jackson.core:jackson-databind(2.15.2) #2927

Open
lyiyu66 opened this issue Dec 18, 2023 · 2 comments
Open

[BUG][Java Client][Security] Please upgrade dependency libraries to latest version:com.fasterxml.jackson.core:jackson-databind(2.15.2) #2927

lyiyu66 opened this issue Dec 18, 2023 · 2 comments
Assignees
@huihuiw01
Labels
area/java-client kind/bug Something isn't working kind/security priority/medium

Comments

@lyiyu66
Copy link

lyiyu66 commented Dec 18, 2023

commit: f24e60b
In Singleton Java Client build, below dependency library is out of date, please upgrade it to latest version:

com.fasterxml.jackson.core:jackson-databind(2.15.2): Medium

CVE-2023-35116
@huihuiw01
Copy link
Contributor

The library's version has been upgraded to 2.16.0 in PR #2851, and 2.16.0 has no security issue, just need publish a new pattern package build including this change. @renligeng Please help publish.

@huihuiw01
Copy link
Contributor

New version https://repo1.maven.org/maven2/com/vmware/singleton/singleton-i18n-patterns-core/0.5.16/ has been published by @renligeng on 2024-01-15.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@huihuiw01 huihuiw01

Labels
area/java-client kind/bug Something isn't working kind/security priority/medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@huihuiw01 @lyiyu66