You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
Since you do not have a Security policy, I am posting this here.
IntelliJ IDEA reports that minio contains a vulnerable dependency.
The warning is as follows:
_
Provides transitive vulnerable dependency com.fasterxml.jackson.core:jackson-databind:2.13.2.2
CVE-2022-42003 7.5 Deserialization of Untrusted Data vulnerability pending CVSS allocation
CVE-2022-42004 7.5 Deserialization of Untrusted Data vulnerability pending CVSS allocation
Results powered by Checkmarx(c)
_
The Maven Repository reports some vulnerabilities too, even on later versions of that dependency.
Please update the com.fasterxml.jackson.core:jackson-databind dependency to v.2.13.4.2 (or to a later one, at the time of the update) and issue a hotfix release.
You can also enable Github's Dependabot alerts in this and other repositories to get security alerts.
Thank you.
The text was updated successfully, but these errors were encountered:
balamurugana
added a commit
to balamurugana/minio-java
that referenced
this issue
Nov 2, 2022
Hi,
Since you do not have a Security policy, I am posting this here.
IntelliJ IDEA reports that minio contains a vulnerable dependency.
The warning is as follows:
_
The Maven Repository reports some vulnerabilities too, even on later versions of that dependency.
Please update the
com.fasterxml.jackson.core:jackson-databind
dependency to v.2.13.4.2 (or to a later one, at the time of the update) and issue a hotfix release.You can also enable Github's Dependabot alerts in this and other repositories to get security alerts.
Thank you.
The text was updated successfully, but these errors were encountered: