Fix #1737 on 2.6 branch #1945

Merged
merged 1 commit into from
Feb 26, 2018

derekstraka
Contributor

#1737 fixes CVE-2017-15095; apply this on 2.6 as well for if/when the next release occurs.

@derekstraka
Contributor Author

@poverma - FYI

@cowtowncoder cowtowncoder added the CVE Issues related to public CVEs (security vuln reports) label Feb 26, 2018
@cowtowncoder
Member

Thanks! Will add a note on https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.6.7.x as well, if 2.6.7.2 release is desired -- let me know if and when, micro-patches are easy enough.
I am now trying to add a CVE tag for issues and PRs.

@cowtowncoder cowtowncoder merged commit a054585 into FasterXML:2.6 Feb 26, 2018
@derekstraka derekstraka deleted the 1737-2.6 branch February 26, 2018 18:43
@derekstraka
Contributor Author

@cowtowncoder - We'd appreciate a release since we have some open source projects that are resisting the update to 2.7.X for some reason, hence the backport of this fix. Thanks!

@ScrapCodes

GHSA-h592-38cm-4ggp seems to indicate that version 2.6.7.3 is affected. Is it that the advisory data is out of date? What is the way to update it?

@cowtowncoder
Member

@ScrapCodes as per my other comment, I do not know how to do anything about that, but as per https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.6.7.x the issue was fixed in 2.6.7.2.

@cowtowncoder cowtowncoder added this to the 2.6.7.2 milestone Dec 2, 2020