Revision history [back]

click to hide/show revision 1
initial version

asked 2018-02-01 04:39:36 +0800

sahild gravatar image sahild

Security vulnerability with zkee included FasterXML Jackson libraries

We were just identified as having a security vulnerability in our product. The vulnerability is related to the FasterXML Jackson libraries included with ZKEE 8.0.5 (and 8.5.0) releases. It appears both levels of ZKEE are using version 2.5.1 of the FasterXML libraries and the fix is in the very recent 2.9.4 FasterXML Jackson released on January 21, 2018.
We know this is new, but wanted to see if you knew about this and if there are plans to release a 8.0.x and 8.5.x version with an upgrade to this new level. Or do you know if it will work if we just replace the jackson-xxxx.jar files with the latest ones? FYI the Common Vulnerabilities and Exposures (CVE) numbers are: CVE-2017-7525, CVE-2017-15095, CVE-2017-17485.

Security vulnerability with zkee included FasterXML Jackson librarieslibraries included with ZKEE

We were just identified as having a security vulnerability in our product. The vulnerability is related to the FasterXML Jackson libraries included with ZKEE 8.0.5 (and 8.5.0) releases. It appears both levels of ZKEE are using version 2.5.1 of the FasterXML libraries and the fix is in the very recent 2.9.4 FasterXML Jackson released on January 21, 2018.
We know this is new, but wanted to see if you knew about this and if there are plans to release a 8.0.x and 8.5.x version with an upgrade to this new level. Or do you know if it will work if we just replace the jackson-xxxx.jar files with the latest ones? FYI the Common Vulnerabilities and Exposures (CVE) numbers are: CVE-2017-7525, CVE-2017-15095, CVE-2017-17485.

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More