
      Issue Summary

      We are about to upgrade Automation for Jira, but we found some vulnerabilities regarding jackson-databind in automation-for-jira-7.1.5.jar.

      When we downloaded this version of the plugin and scanned it in our system for vulnerabilities, we found these vulnerabilities, e.g.:

      CVE-2017-17485 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-1000873 Medium 4.3 jackson-databind-2.9.2.jar
      CVE-2018-11307 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-12022 Medium 5.1 jackson-databind-2.9.2.jar
      CVE-2018-12023 Medium 5.1 jackson-databind-2.9.2.jar
      CVE-2018-14718 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-14719 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-14720 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-14721 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-19360 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-19361 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-19362 High 7.5 jackson-databind-2.9.2.jar
      CVE-2018-5968 Medium 5.1 jackson-databind-2.9.2.jar
      CVE-2018-7489 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-12086 Medium 5.0 jackson-databind-2.9.2.jar
      CVE-2019-12384 Medium 4.3 jackson-databind-2.9.2.jar
      CVE-2019-12814 Medium 4.3 jackson-databind-2.9.2.jar
      CVE-2019-14379 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-14439 Medium 5.0 jackson-databind-2.9.2.jar
      CVE-2019-14540 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-14892 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-14893 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-16335 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-16942 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-16943 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-17267 High 7.5 jackson-databind-2.9.2.jar
      CVE-2019-20330 High 7.5 jackson-databind-2.9.2.jar
      CVE-2020-10672 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-10673 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-10968 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-10969 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-11111 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-11112 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-11113 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-11619 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-11620 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-8840 High 7.5 jackson-databind-2.9.2.jar
      CVE-2020-9546 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-9547 Medium 6.8 jackson-databind-2.9.2.jar
      CVE-2020-9548 Medium 6.8 jackson-databind-2.9.2.jar

            [JIRAAUTOSERVER-44] Update jackson databind

            Deyves (Inactive) made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 549486 ]

            Feyz added a comment -

            Hi,

            automation-for-jira-7.2.6 still has the same issue that we faced before for DC and SA after a Black Duck scan for vulnerability issues. It is found in the jackson-databind folder.

            Can you help us to fix the issue? Thanks.

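One way to confirm which jackson-databind copies a downloaded plugin JAR actually bundles, before and after an upgrade (added example, not Atlassian's or the reporter's code). It assumes the library appears either as a nested `jackson-databind-<version>.jar` or as a repackaged copy that kept its Maven `pom.properties`; the minimum version passed to `older_than` is a value the reader takes from the relevant advisories.

```python
import io
import re
import sys
import zipfile

# Maven metadata entry that jackson-databind carries inside its own jar.
POM_PROPS = "META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.properties"
JAR_NAME = re.compile(r"(?:^|/)jackson-databind-(\d[\w.\-]*?)\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".zip", ".obr")
MAX_NESTED = 64 * 1024 * 1024  # do not unpack nested entries larger than this

def find_jackson_databind(data, origin="<archive>", depth=0, max_depth=4):
    """Return sorted (location, version, evidence) tuples for every
    jackson-databind copy in the archive bytes, nested archives included."""
    hits = set()
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    with archive:
        for info in archive.infolist():
            name, path = info.filename, f"{origin}!/{info.filename}"
            m = JAR_NAME.search(name)
            if m:
                hits.add((path, m.group(1), "file name"))
            if name == POM_PROPS:
                # Repackaged copies keep this file even when no
                # jackson-databind-*.jar name is visible to a scanner.
                text = archive.read(info).decode("utf-8", "replace")
                v = re.search(r"^version=(.+)$", text, re.M)
                if v:
                    hits.add((origin, v.group(1).strip(), "pom.properties"))
            nested = name.lower().endswith(ARCHIVE_EXT)
            if nested and depth < max_depth and info.file_size <= MAX_NESTED:
                hits.update(find_jackson_databind(
                    archive.read(info), path, depth + 1, max_depth))
    return sorted(hits)

def older_than(version, minimum):
    """Compare dotted versions numerically, e.g. 2.9.2 < 2.9.10."""
    nums = lambda s: tuple(int(p) for p in re.findall(r"\d+", s))
    return nums(version) < nums(minimum)

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as fh:
        for loc, ver, how in find_jackson_databind(fh.read(), sys.argv[1]):
            print(f"{ver}\t{how}\t{loc}")
```

Run it with the plugin JAR path as the only argument; each output line gives the version, how it was identified, and where in the archive it sits.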
            Daniel Ramotowski made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Waiting for Release [ 12075 ] New: Closed [ 6 ]
            Daniel Ramotowski made changes -
            Fix Version/s New: 7.2.6 [ 94807 ]
            Daniel Ramotowski made changes -
            Status Original: In Progress [ 3 ] New: Waiting for Release [ 12075 ]
            Daniel Ramotowski made changes -
            Status Original: Gathering Interest [ 11772 ] New: In Progress [ 3 ]
            Daniel Ramotowski made changes -
            Fix Version/s New: 7.2.5 [ 94190 ]
            Deyves (Inactive) created issue -

              Unassigned Unassigned
              dsenger Deyves (Inactive)
              Votes: 1
              Watchers: 6
