Uploaded image for project: 'mod-source-record-manager'
  1. mod-source-record-manager
  2. MODSOURMAN-704

jackson-databind 2.13.1 fixing DoS JsonNode issue

    XMLWordPrintable

Details

    • Folijet Sprint 133
    • 0
    • Folijet
    • Lotus R1 2022
    • Third party component integration

    Description

      Approach:

      Remove pom.xml entries that downgrade the jackson version provided by vertx-stack-depchain.

      This bumps the jackson version from 2.13.0 back to version 2.13.1 provided by vertx-stack-depchain.

      This fixes this issue:

      "Possible DoS if using JDK serialization to serialize JsonNode" https://github.com/FasterXML/jackson-databind/issues/3328

      TestRail: Results

        Attachments

          Issue Links

            defines

            New Feature - New feature requests UXPROD-3262 NFR: Data Import R1 2022 Lotus Technical, NFR, & Misc work

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. MODSOURMAN-667 JsonNode JDK serialization DoS vulnerability

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                julianladisch Julian Ladisch
                julianladisch Julian Ladisch
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases