63473 – Please update dependency of jackson to 2.9.9

Bug 63473 - Please update dependency of jackson to 2.9.9

Summary: Please update dependency of jackson to 2.9.9

Status:	RESOLVED FIXED

Alias:	None

Product:	JMeter - Now in Github
Classification:	Unclassified
Component:	Main (show other bugs)
Version:	5.1.1
Hardware:	All All

Importance:	P2 normal (vote)
Target Milestone:	JMETER_5.2
Assignee:	JMeter issues mailing list

URL:
Keywords:	FixedInTrunk

Depends on:
Blocks:

Reported:	2019-05-29 12:03 UTC by S. Seide
Modified:	2019-06-02 10:55 UTC (History)
CC List:	1 user (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description S. Seide 2019-05-29 12:03:39 UTC

Please update the Jackson lib used from 2.9.8 to current 2.9.9 due to CVE-2019-12086 in Jackson-Databind.

Thanks.

Comment 1 Felix Schumacher 2019-05-29 12:59:06 UTC

Thanks for the report. Fixed in trunk. Could you test, if it works for you.

Will be included in next JMeter version.

Date: Wed May 29 12:51:13 2019
New Revision: 1860342

URL: http://svn.apache.org/viewvc?rev=1860342&view=rev
Log:
Update dependency of jackson to 2.9.9

Update the Jackson libraries used from 2.9.8 to current 2.9.9 due to
CVE-2019-12086 in Jackson-Databind.

Bugzilla Id: 63473

Modified:
    jmeter/trunk/LICENSE
    jmeter/trunk/build.properties
    jmeter/trunk/eclipse.classpath
    jmeter/trunk/lib/aareadme.txt
    jmeter/trunk/res/maven/ApacheJMeter_parent.pom
    jmeter/trunk/xdocs/changes.xml

Comment 2 S. Seide 2019-05-29 14:03:28 UTC

Thanks - we already use 5.1.1 with updated Jackson libs without any problems so far.

Comment 3 The ASF infrastructure team 2022-09-24 20:38:17 UTC

This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/5089