Please update the Jackson lib used from 2.9.8 to current 2.9.9 due to CVE-2019-12086 in Jackson-Databind. Thanks.
Thanks for the report. Fixed in trunk. Could you test, if it works for you. Will be included in next JMeter version. Date: Wed May 29 12:51:13 2019 New Revision: 1860342 URL: http://svn.apache.org/viewvc?rev=1860342&view=rev Log: Update dependency of jackson to 2.9.9 Update the Jackson libraries used from 2.9.8 to current 2.9.9 due to CVE-2019-12086 in Jackson-Databind. Bugzilla Id: 63473 Modified: jmeter/trunk/LICENSE jmeter/trunk/build.properties jmeter/trunk/eclipse.classpath jmeter/trunk/lib/aareadme.txt jmeter/trunk/res/maven/ApacheJMeter_parent.pom jmeter/trunk/xdocs/changes.xml
Thanks - we already use 5.1.1 with updated Jackson libs without any problems so far.
This issue has been migrated to GitHub: https://github.com/apache/jmeter/issues/5089