Replies: 2 comments 2 replies
-
Hello, I would like to ask please, would adding this:
regards |
Beta Was this translation helpful? Give feedback.
1 reply
-
I think the advice contains typo. The word |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
To fix CVE-2020-36518 in your Play 2.8 application you need to upgrade to either latest Jackson 2.12.x or 2.13.x. Play 2.8 uses older Jackson 2.11, but unfortunately the Jackson developers won't backport the fix to the 2.11.x branch.
We don't plan to upgrade Jackson 2.11.x in Play 2.8.x as of now, since that might break existing Play applications.
Make sure to thoroughly test your application before putting it into production with an upgraded major Jackson version!
To upgrade Jackson you have to add this to your
build.sbt
:If you now run
sbt dependencyTree
orshow runtime:fullClasspat
you should see all the Jackson versions should be upgraded.Also see:
main
branch)main
branch)Beta Was this translation helpful? Give feedback.
All reactions