Uploaded image for project: 'Common Controller SDK'
  1. Common Controller SDK
  2. CCSDK-1810

Update CCSDK standalone parent jackson version to 2.10.0 to address security vulnerabilities

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Medium Medium
    • Frankfurt Release
    • None
    • parent
    • None
    • Frankfurt Sp2 : 11/25 - 1/17

      CCSDK sli-northbound dmaap-listener and ueb-listener have security vulnerabilities in 3rd party library jackson-databind2.9.8.  This library version needs to be updated in CCSDK parent/standalone/pom.xml:

      https://codecloud.web.att.com/projects/ST_CCSDK/repos/parent/browse/standalone/pom.xml#69

       

      Feedback from Dan:[djt] We can make this change, but I'd prefer to update to 2.9.9.3 if possible to be consistent with the version used in the latest spring-boot release.
      Update: Since 2.9.9.3 also has vulnerabilities detected, the latest guidance is to update jackson libraries to 2.10.0

            lalena.aria lalena.aria
            lalena.aria lalena.aria
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: