Fixed JENKINS-59379: Update jackson via BOM import #427

msymons · 2019-09-15T14:11:37Z

Change property name from jackson-databind.version to jackson.version
Replace jackson modules in dependencyManagement by jackson-bom POM import
Use version 2.9.9.20190807. This gives jackson-databind 2.9.9.3 with fixes for four CVE
- CVE-2019-14379 (9.8)
- CVE-2019-14439 (7.5)
- CVE-2019-12384 (5.9)
- CVE-2019-12814 (5.9)

* Change property name from jackson-databind.version to jackson.version * Replace jackson modules in dependencyManagement by jackson-bom POM import * Use version 2.9.9.20190807. This gives jackson-databind 2.9.9.3 with fixes for four CVE

[JENKINS-59379] Update jackson via BOM import

c8edd80

* Change property name from jackson-databind.version to jackson.version * Replace jackson modules in dependencyManagement by jackson-bom POM import * Use version 2.9.9.20190807. This gives jackson-databind 2.9.9.3 with fixes for four CVE

khmarbaise self-requested a review September 16, 2019 20:03

khmarbaise added Dependency Upgrade Upgraded dependency security Possible security findings labels Sep 16, 2019

khmarbaise added this to the Release 0.4.0 milestone Sep 16, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fixed JENKINS-59379: Update jackson via BOM import #427

Fixed JENKINS-59379: Update jackson via BOM import #427

msymons commented Sep 15, 2019

Fixed JENKINS-59379: Update jackson via BOM import #427

Are you sure you want to change the base?

Fixed JENKINS-59379: Update jackson via BOM import #427

Conversation

msymons commented Sep 15, 2019