Upgrade to official Jackson fix for preventing a DoS attack #2591
Jan 5, 2019
Jan 8, 2019
Feb 3, 2019
Thank you for including #2620. I updated my version of dropwizard to 1.3.8, but I am still vulnerable (as the fix will come with this release). Due to the high criticality of the fixed vulnerabilities, a release should be addressed soon.
Now that I have done that I am also very interested in knowing when 1.3.9 might be released.
I see from #2578 that this is a false positive for dropwizard. However, using 1.7.25 does give threat warnings when projects that use dropwizard are analysed... far easier to just use 1.7.26.
(Should I log an issue/PR?)