bguerout/jongo

New CVE-2020-36518 (high) with jackson-databind

Closed this issue · 2 comments

Hi,

it would be great if you could provide a version "1.5.1" with updated jackson-databind since there is a new CVE record rated as high:

https://www.cve.org/CVERecord?id=CVE-2020-36518

It should be quite easy, since a new fixed version of jackson-databind already exists.

Thanks in advance!

Andreas

Hello,

Jongo 1.5.1 has been released with dependency updates:

```xml
<dependency>
    <groupId>org.jongo</groupId>
    <artifactId>jongo</artifactId>
    <version>1.5.1</version>
</dependency>
```

Feel free to reopen this issue if needed.