Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update to Jackson #2988

merged 1 commit into from Oct 20, 2019


Copy link

msymons commented Oct 20, 2019


As per #2987, jackson 2.910 has three newly-discovered threats: CVE-2019-16942, CVE-2019-16943, CVE-2019-17531. Each has a CVSS v3.1 score of 9.8


Bump jackson.version to This updates jackson-databind to but does not change anything else.

Update jackson.version from 2.9.10 to
This addresses threats CVE-2019-16942, CVE-2019-16943, CVE-2019-17531
@joschi joschi added this to the 1.3.16 milestone Oct 20, 2019
@joschi joschi added the bug label Oct 20, 2019
@joschi joschi self-assigned this Oct 20, 2019
@joschi joschi changed the title Update jackson version to Update to Jackson Oct 20, 2019
@joschi joschi merged commit 7fa41c7 into dropwizard:release/1.3.x Oct 20, 2019
3 checks passed
3 checks passed
ci/circleci Your tests passed on CircleCI!
continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.