allure-framework/allure-java

com.fasterxml.jackson.core_jackson-core version 2.14.1 has several vulnerabilites

fjgarciao opened this issue 9 months ago · 1 comments

fjgarciao commented 9 months ago

What happened?

Hi all,
Current jackson version embedded in allure-java-commons has several vulnerabilities:

FasterXML/jackson-core#827 (high)
https://nvd.nist.gov/vuln/detail/CVE-2023-35116 (medium)

Could it be possible to upgrade to jackson-bom:2.17.0?

What Allure Integration are you using?

allure-java-commons

What version of Allure Integration you are using?

2.27.0

What version of Allure Report you are using?

2.27.0

Code of Conduct

I agree to follow this project's Code of Conduct

baev commented 6 months ago

fixed via #1086