New CVE-2020-36518 (high) with jackson-databind
Closed this issue · 2 comments
afiller commented
Hi,
it would be great if you could provide a version "1.5.1" with updated jackson-databind since there is a new CVE record reated as high:
https://www.cve.org/CVERecord?id=CVE-2020-36518
It should be quite easy, since a new fixed version of jackson-databind already exists.
Thanks in advcance!
Andreas
c-goettert commented
+1
bguerout commented
Hello,
Jongo 1.5.1 has been released with dependencies updates:
<dependency>
<groupId>org.jongo</groupId>
<artifactId>jongo</artifactId>
<version>1.5.1</version>
</dependency>
Feel free to reopen this issue if needed.