Jackson-Databind vulnerability fix

Posted on 2025-01-17 14:36:42

Has anyone updated their application with a fix for the jackson-databind 2.12.6 vulnerability error? It's fixed in v 2.13.12.1, but when I update my Gradle to refer to this latest library, I get another dependency error, which my Gradle isn't able to download. Please assist if you have any alternatives.

The build error is

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':compileJava'.
> Could not resolve all files for configuration ':compileClasspath'.
   > Could not resolve com.fasterxml.jackson:jackson-bom:2.13.2.1.
     Required by:
         project : > com.fasterxml.jackson.core:jackson-databind:2.13.2.1
      > Could not resolve com.fasterxml.jackson:jackson-bom:2.13.2.1.
         > Could not get resource 'https://internalreporsitoryhost:8443/repository/maven-jaspersoft-3rd-party-ce/com/fasterxml/jackson/jackson-bom/2.13.2.1/jackson-bom-2.13.2.1.pom'.
            > Could not GET 'https://internalreporsitoryhost:8443/repository/maven-jaspersoft-3rd-party-ce/com/fasterxml/jackson/jackson-bom/2.13.2.1/jackson-bom-2.13.2.1.pom'. Received status code 503 from server: Service Unavailable
   > Could not resolve com.fasterxml.jackson:jackson-bom:2.13.2.1.
     Required by:
         project : > com.fasterxml.jackson.core:jackson-annotations:2.13.2
         project : > com.fasterxml.jackson.core:jackson-core:2.13.2
      > Could not resolve com.fasterxml.jackson:jackson-bom:2.13.2.1.
         > Could not get resource 'https://internalreporsitoryhost:8443/repository/maven-jaspersoft-3rd-party-ce/com/fasterxml/jackson/jackson-bom/2.13.2.1/jackson-bom-2.13.2.1.pom'.
            > Could not GET 'https://internalreporsitoryhost:8443/repository/maven-jaspersoft-3rd-party-ce/com/fasterxml/jackson/jackson-bom/2.13.2.1/jackson-bom-2.13.2.1.pom'. Received status code 503 from server: Service Unavailable

Comments (2)

绾颜 2025-01-24 14:36:42

You can use dependency constraints like this:

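def jackson_version = '2.13.2'
def jackson_databind_version = '2.13.2.1'

dependencies {
    // Constraints are declared inside the dependencies block.
    constraints {
        // 'compile' was removed in Gradle 7; use 'implementation' there.
        // Pin the BOM to the older version that resolves cleanly.
        compile("com.fasterxml.jackson:jackson-bom") {
            version {
                strictly jackson_version
            }
            because 'previous versions are vulnerable to CVE-2020-36518'
        }
        // Require at least the fixed jackson-databind release.
        compile("com.fasterxml.jackson.core:jackson-databind") {
            version {
                require jackson_databind_version
            }
            because 'previous versions are vulnerable to CVE-2020-36518'
        }
    }
}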

See https://docs.gradle.org/current/userguide/rich_versions.html#sec:strict-version for details.

This should force Gradle to use the older version of jackson-bom/core and the newer/fixed version of jackson-databind.

病毒体 2025-01-24 14:36:42

It seems there is an error with this (2.13.2.1) version:
https://github.com/FasterXML/jackson-bom/issues/52

Try to use micro patch 2.13.2.20220328 (https://github.com/FasterXML/jackson-bom/releases/tag/jackson-bom-2.13.2.20220328)

e.g. 'com.fasterxml.jackson:jackson-bom:2.13.2.20220328'
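An added example, not part of either answer: a `build.gradle` that imports the micro-patch BOM named above as a platform and fails the build if the resolved jackson-databind is older than 2.13.2.1, the version the first answer's constraint requires for CVE-2020-36518. The task name `checkJacksonDatabind`, the use of the `java` plugin and the `mavenCentral()` repository are assumptions for illustration.

```groovy
// build.gradle (added example; assumes the 'java' plugin and Gradle 6+)
plugins {
    id 'java'
}

repositories {
    mavenCentral()   // assumption: substitute your internal mirror here
}

dependencies {
    // One BOM decides the version of every Jackson module on the classpath.
    implementation platform('com.fasterxml.jackson:jackson-bom:2.13.2.20220328')
    implementation 'com.fasterxml.jackson.core:jackson-databind'
}

// Version the thread gives as the fix for CVE-2020-36518.
def minFixed = '2.13.2.1'

// Compare dotted versions segment by segment; non-numeric segments count as 0.
def olderThan = { String a, String b ->
    def pa = a.tokenize('.')
    def pb = b.tokenize('.')
    for (int i = 0; i < Math.max(pa.size(), pb.size()); i++) {
        int x = (i < pa.size() && pa[i].isInteger()) ? pa[i].toInteger() : 0
        int y = (i < pb.size() && pb[i].isInteger()) ? pb[i].toInteger() : 0
        if (x != y) return x < y
    }
    return false
}

// Hypothetical verification task: inspects what Gradle actually resolved,
// including transitive dependencies, rather than what was declared.
tasks.register('checkJacksonDatabind') {
    doLast {
        configurations.runtimeClasspath.incoming.resolutionResult.allComponents.each { c ->
            def mv = c.moduleVersion
            if (mv?.group == 'com.fasterxml.jackson.core' && mv.name == 'jackson-databind'
                    && olderThan(mv.version, minFixed)) {
                throw new GradleException(
                    "jackson-databind ${mv.version} resolved; need ${minFixed} or newer")
            }
        }
    }
}

tasks.named('check') { dependsOn 'checkJacksonDatabind' }
```

Running `gradle check` then fails whenever a transitive dependency drags an older jackson-databind back onto the runtime classpath.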
