[LPS-93257] Known vulnerabilities in jackson-databind-2.1.4 - Liferay Issues

Details

Type: Bug
Status: Resolved
Resolution: Fixed
Affects Version/s: 7.0.X, 7.1.X
Fix Version/s: 7.0.X, 7.1.X
Component/s: Push Notifications
Labels:
None

Branch Version/s:

7.1.x, 7.0.x
Backported to Branch:

Committed
Git Pull Request:
https://github.com/liferay/liferay-portal-ee/pull/13619

Description

jackson-databind-2.1.4 has the following known vulnerabilities:

CVE-2018-19361
CVE-2017-15095
CVE-2017-7525
CVE-2018-14720
CVE-2018-19360
CVE-2018-7489
CVE-2018-19362
CVE-2018-14721
CVE-2018-1000873
CVE-2018-14719

Attachments

Issue Links

is related to

LPS-89878 Move heavily used com.fasterxml.jackson jars into core

Closed

Activity

People

Assignee:

Brian Chan

Reporter:

Yuxing Wu

Participants of an Issue:

Brian Chan, Samuel Kong, Yuxing Wu

Recent user:

Brian Chan

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

02/Apr/19 8:33 PM

Updated:

19/Apr/19 3:10 PM

Resolved:

12/Apr/19 9:23 AM

Days since last comment:

15 weeks, 2 days ago

Packages

Version	Package
7.0.X
7.1.X