Home > Java > javaTutorial > How to solve the problem of specifying jackson version in SpringBoot upgrade

How to solve the problem of specifying jackson version in SpringBoot upgrade

王林
Release: 2023-05-12 14:13:35
forward
2564 people have browsed it

[Vulnerability Notice]

On February 19, NVD issued a security notice disclosing the remote code execution
vulnerability (CVE-2020-8840) in jackson-databind caused by JNDI injection. The CVSS score is 9.8. The affected version of jackson-databind lacks
certain xbean-reflect/JNDI blacklist classes, such as org.apache.xbean.propertyeditor.JndiConverter,
which can lead to attackers using JNDI injection to implement remote code implement. At present, the manufacturer has released a new version to complete the vulnerability repair.
Relevant users are requested to upgrade in time for protection.

Since the Springboot version used in the project is 2.1.3, and the built-in jackson version is 2.9.8, which is lower than the safe version
2.9.10.6, so the jackson version needs to be upgraded.

Modify the jackson version in Springboot

Add the jackson.version attribute under the properties tag in the project's pom.xml

<jackson.version>2.11.0</jackson.version>
Copy after login

How to solve the problem of specifying jackson version in SpringBoot upgrade

If you only want to modify the jackson-databind version, add the jackson.version.databind attribute

<jackson.version.databind>${jackson.version}</jackson.version.databind>
Copy after login

The above is the detailed content of How to solve the problem of specifying jackson version in SpringBoot upgrade. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template