Toggle navigation
EN
EN
DE
ES
FR
IT
UK
Help
Log In
Help
Log In
EN
EN
DE
ES
FR
IT
UK
Home
Messages
Hashtags
Subgroups
Calendar
×
×
×
Close
Likes
Janusgraph-Users
Messages
×
Close
Search
Single
Toggle Dropdown
Messages
Topics
Expanded
previous page
#4246
next page
Upgrade Jackson version to 2.10.0 or greater to close security issues
james....@...
#4246
Hi, I briefly looked through this google group and did not see this request. If this is a duplicate I apologize.
Our security scans flagged the security issues is the jackson-databind jar files that I believe are bundle with both
JanusGraph 0.3.2 & JanusGraph 0.4.00
I noticed under janusgraph-all
grep: janusgraph-test: Is a directory
pom.xml: <jackson1.version>1.9.13</jackson1.version>
pom.xml: <jackson2.version>2.6.6</jackson2.version>
If feasible can the JanusGraph team upgrade their 0.3.x and 0.4.x branches to version 2.10 or later for the following:
Here are the updated versions for the jackson projects I believe are in use in JanusGraph that should be updated together
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.10.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.10.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.10.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base
https://mvnrepository.com/artifact/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/2.10.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider
https://mvnrepository.com/artifact/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.10.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.module/jackson-module-scala_2.11
https://mvnrepository.com/artifact/com.fasterxml.jackson.module/jackson-module-scala_2.11/2.10.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jsr310
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.10.0
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-json-org
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-json-org/2.10.0
Thanks for your help, I'm not a developer myself so I can't generate a pull request for you with these requested changes, otherwise I would.
Thanks for any help
James Stroud (I actually work for IBM but google groups uses my gmail id).
More
×
previous page
#4246
next page
Join
janusgraph-users@lists.lfaidata.foundation to automatically receive all group messages.
×
Close
Report Message
Reason
Report to Moderators
I think this message isn't appropriate for our group. The Group moderators are responsible for maintaining their community and can address these issues.
Report to LF AI and Data Support
I think this violates the Terms of Service. This includes: harm to minors, violence or threats, harassment or privacy invasion, impersonation or misrepresentation, fraud or phishing.
Note:
Your email address is included with the abuse report.
×
Close
Verify Delete
Are you sure you wish to delete this message from the message archives of janusgraph-users@lists.lfaidata.foundation?
This cannot be undone.
×
Close
Verify Repost
Are you sure you wish to repost this message?
More Options
More
Home
Hashtags
Subgroups
Calendar
Terms
Toggle navigation
Terms
©
2023
Groups.io
