Xero-Java icon indicating copy to clipboard operation
Xero-Java copied to clipboard

Published 20 hours ago verified publisher icon XeroAPI

Jackson-databind still vulnerable - needs version bump

Open BigBadaboom opened this issue 3 years ago • 0 comments
trafficstars

According to https://github.com/FasterXML/jackson-databind/issues/2816 2.13.2, as used in the current version of Xero-Java, is still vulnerable. It seems at least version 2.13.2.2 is required. However the latest release, at time of writing, is 2.13.3.

BigBadaboom avatar Aug 16 '22 23:08 BigBadaboom