-
Task
-
Resolution: Done
-
Medium
-
None
-
None
-
Frankfurt Sp2 : 11/25 - 1/17
CCSDK sli-northbound dmaap-listener and ueb-listener have security vulnerabilities in 3rd party library jackson-databind2.9.8. This library version needs to be updated in CCSDK parent/standalone/pom.xml:
https://codecloud.web.att.com/projects/ST_CCSDK/repos/parent/browse/standalone/pom.xml#69
Feedback from Dan:[djt] We can make this change, but I'd prefer to update to 2.9.9.3 if possible to be consistent with the version used in the latest spring-boot release.
Update: Since 2.9.9.3 also has vulnerabilities detected, the latest guidance is to update jackson libraries to 2.10.0