We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
io.fusionauth:fusionauth-jwt:4.0.1 uses:
<dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.10.3</version> </dependency>
but this dependency has several security vulnerabilities:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14060 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14061 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14062 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14195 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24616 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24750
Version 2.12.1 is now available: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.12.1 and it includes the fixes.
The text was updated successfully, but these errors were encountered:
Ugh.. hard to keep up with Jackson vulnerabilities. :-) Thanks for the heads up.
Sorry, something went wrong.
Update jackson to 2.12.1.
00182fe
#29
@robotdan I hear you, is a nightmare. Thanks for the quick fix.
@robotdan any idea when v4.1.0 will become available in Maven repository ?
Oops, did not release to maven yet. Done. Thanks for the reminder. (may take an hour or two for it to show up in the maven repos)
Successfully merging a pull request may close this issue.
io.fusionauth:fusionauth-jwt:4.0.1 uses:
but this dependency has several security vulnerabilities:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14060
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14061
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14062
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14195
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24616
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24750
Version 2.12.1 is now available: https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.12.1 and it includes the fixes.
The text was updated successfully, but these errors were encountered: