Would it be possible in the next release of Ignite to upgrade the 3rd party component /opt/ignite/apache-ignite/libs/optional/ignite-rest-http/jackson-databind-2.9.6.jar to jackson-databind-2.11.2.jar or greater? This .jar is also present in /opt/ignite/apache-ignite/libs/optional/ignite-kubernetes/ and may be in other optional folders as well.

This component, jackson-databind-2.9.6.jar, is flagged as having numerous critical, high and medium security vulnerabilities, one of which is described here: https://nvd.nist.gov/vuln/detail/CVE-2019-14540

I can provide a more complete list of vulnerabilities if that helps.

The latest version of this component appears to be 2.11.2, which should resolve these vulnerabilities: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.11.2

Note if there is a better way to provide this information/request please let me know.

Thanks,
Andrew Story

--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
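The post notes that the same jar may sit in several optional module folders. The following added example (not from the original post or the Ignite project) lists every jackson-databind jar under an install root and flags those below the 2.11.2 threshold the post asks for; the function names `ver_lt` and `scan_jackson` are hypothetical.

```shell
#!/bin/sh
# Added example: inventory jackson-databind jars under an install root.
# MIN_VERSION is the "2.11.2 or greater" threshold requested in the post.
MIN_VERSION=2.11.2

# ver_lt A B: succeed when dotted version A is strictly lower than B.
# Components are compared numerically, so 2.9.10 sorts above 2.9.6.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }' </dev/null
}

# scan_jackson ROOT [MIN]: print "OUTDATED|OK <version> <path>" for each
# jackson-databind-<version>.jar found anywhere below ROOT.
scan_jackson() {
    root=$1
    min=${2:-$MIN_VERSION}
    find "$root" -type f -name 'jackson-databind-*.jar' | sort |
    while IFS= read -r jar; do
        ver=${jar##*/jackson-databind-}   # strip directory and artifact name
        ver=${ver%.jar}                   # strip extension, leaving the version
        if ver_lt "$ver" "$min"; then
            printf 'OUTDATED %s %s\n' "$ver" "$jar"
        else
            printf 'OK %s %s\n' "$ver" "$jar"
        fi
    done
}

# Run only when a root directory is given, e.g.:
#   sh scan.sh /opt/ignite/apache-ignite/libs
if [ "$#" -gt 0 ]; then
    scan_jackson "$@"
fi
```

The script matches on file name only, so a copy of the library repackaged inside another jar will not be reported.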
