Update jackson-databind dependency in the main POM file to fix CVE-2020-36518 #11188
Labels
area/dependencies
kind/cve
Issues identified as CVEs on third-party dependencies, or issues which Keycloak is not affected
Milestone
Describe the bug
The dependency of Jackson Databind used by the Quarkus distribution is impacted by https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36518. The simple fix is to upgrade.
It wasn't updated before on #11071 due to concerns about breaking changes, but I noticed that 2.12.6.1 also contains patches for this CVE.
More details
GitHub Commit
GitHub Issue
GitHub PR
Version
17.0.1
Expected behavior
No response
Actual behavior
No response
How to Reproduce?
No response
Anything else?
No response