
Upgrade armeria from 1.13.4 to >= 1.18.0 fixing jackson-databind vuln

Open julianladisch opened this issue 2 years ago • 1 comments

karate-core/pom.xml has this dependency: com.linecorp.armeria:armeria:1.13.4

This includes a vulnerable (CVE-2020-36518) jackson-databind dependency: https://mvnrepository.com/artifact/com.linecorp.armeria/armeria/1.13.4

Bumping armeria to 1.18.0 or any later version fixes this: https://mvnrepository.com/artifact/com.linecorp.armeria/armeria/1.18.0

julianladisch, Aug 24 '22 18:08
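A check for the condition this report describes, added here as an example and not code from the issue or the Karate project: it reads a POM, resolves a `${property}` version reference, and flags an armeria pin below 1.18.0. The sample POM and all function names are constructed for illustration; only the coordinates and version numbers come from the report.

```python
import re
import xml.etree.ElementTree as ET

# Values taken from the issue: 1.13.4 is affected, 1.18.0 or later is fixed.
GROUP, ARTIFACT, MIN_FIXED = "com.linecorp.armeria", "armeria", (1, 18, 0)
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (not the real karate-core/pom.xml).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><armeria.version>1.13.4</armeria.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.linecorp.armeria</groupId>
      <artifactId>armeria</artifactId>
      <version>${armeria.version}</version>
    </dependency>
  </dependencies>
</project>"""

def parse_version(text):
    """Turn '1.18.0' or '1.18.0-SNAPSHOT' into a comparable tuple (1, 18, 0)."""
    nums = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(n or 0) for n in nums.groups())

def declared_armeria_version(pom_xml):
    """Return the armeria version a POM declares, resolving ${property} references."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    for dep in root.iterfind(".//m:dependency", NS):
        if (dep.findtext("m:groupId", "", NS).strip() == GROUP
                and dep.findtext("m:artifactId", "", NS).strip() == ARTIFACT):
            raw = dep.findtext("m:version", "", NS).strip()
            if not raw:
                return None  # version managed elsewhere (parent POM or BOM)
            # Substitute ${name} with the value from <properties>, if defined.
            return re.sub(r"\$\{([^}]+)\}",
                          lambda m: props.get(m.group(1), m.group(0)), raw)
    return None

def needs_upgrade(pom_xml):
    """True when the POM pins armeria below the fixed release named in the issue."""
    version = declared_armeria_version(pom_xml)
    return version is not None and parse_version(version) < MIN_FIXED

if __name__ == "__main__":
    print(declared_armeria_version(SAMPLE_POM), needs_upgrade(SAMPLE_POM))
```

This inspects only the version declared in the POM; the jackson-databind version that actually ends up on the classpath is confirmed with `mvn dependency:tree`.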

done in develop and CI looks good

ptrthomas, Aug 24 '22 18:08

Thanks

julianladisch, Oct 18 '22 14:10

@julianladisch thanks, we will keep this open until the final 1.3.0 release, just the process we follow here

ptrthomas, Oct 18 '22 14:10

1.3.0 released

ptrthomas, Nov 02 '22 17:11