Skip to content

chore: security upgrade jackson-databind from 2.13.0 to 2.13.2#726

Merged
childish-sambino merged 1 commit into
sendgrid:mainfrom
tomoyaY:patch-2
Mar 28, 2022
Merged

chore: security upgrade jackson-databind from 2.13.0 to 2.13.2#726
childish-sambino merged 1 commit into
sendgrid:mainfrom
tomoyaY:patch-2

Conversation

@tomoyaY

@tomoyaY tomoyaY commented Mar 26, 2022

Copy link
Copy Markdown
Contributor

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    pom.xml

ref

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

https://nvd.nist.gov/vuln/detail/CVE-2020-36518

@tomoyaY tomoyaY changed the title security upgrade com.fasterxml.jackson.core:jackson-databind from 2.1… security upgradejackson-databind from 2.3.0 to 2.3.2 Mar 26, 2022
@tomoyaY tomoyaY changed the title security upgradejackson-databind from 2.3.0 to 2.3.2 security upgradejackson-databind from 2.13.0 to 2.13.2 Mar 26, 2022
@tomoyaY tomoyaY changed the title security upgradejackson-databind from 2.13.0 to 2.13.2 chore: security upgradejackson-databind from 2.3.0 to 2.3.2 Mar 26, 2022
@tomoyaY tomoyaY changed the title chore: security upgradejackson-databind from 2.3.0 to 2.3.2 chore: security upgrade jackson-databind from 2.3.0 to 2.3.2 Mar 26, 2022
@childish-sambino childish-sambino changed the title chore: security upgrade jackson-databind from 2.3.0 to 2.3.2 chore: security upgrade jackson-databind from 2.13.0 to 2.13.2 Mar 28, 2022

@childish-sambino childish-sambino left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks for the fix!

@childish-sambino childish-sambino merged commit f370ca9 into sendgrid:main Mar 28, 2022
@tomoyaY tomoyaY deleted the patch-2 branch March 30, 2022 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants