Hello! Please file an issue against Apache Ignite JIRA: https://issues.apache.org/jira/browse/IGNITE
Regards, -- Ilya Kasnacheev сб, 19 сент. 2020 г. в 02:22, Andrew Story <[email protected]>: > Would it be possible in the next release of Ignite to upgrade the 3rd party > component > > /opt/ignite/apache-ignite/libs/optional/ignite-rest-http/jackson-databind-2.9.6.jar > to jackson-databind-2.11.2.jar or greater? > This .jar is also present in > /opt/ignite/apache-ignite/libs/optional/ignite-kubernetes/ and may be in > other optional folders as well. > > This component jackson-databind-2.9.6.jar is flagged as having numerous > critical, high and medium security vulnerabilities, one of which is > described here: > https://nvd.nist.gov/vuln/detail/CVE-2019-14540 > > I can provide a more complete list of vulnerabilities if that helps. > > The latest version of this component appears to be 2.11.2 which should > resolve these vulnerabilities: > https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.11.2 > > Note if there is a better way to provide this information/request please > let > me know. > > Thanks, > > Andrew Story > > > > -- > Sent from: http://apache-ignite-users.70518.x6.nabble.com/ >
