Eclipse Orbit includes bundles from Jackson 2.13.2 which are vulnerable to CVE-2020-36518. Eclipse Orbit should be updated to include at least 2.13.3. As of this writing, the current release is 2.13.4.

References:
https://nvd.nist.gov/vuln/detail/CVE-2020-36518
https://github.com/FasterXML/jackson-databind/issues/2816
The Eclipse Orbit project is now on GitHub at https://github.com/eclipse/orbit. If this issue is still relevant, please create an issue (and PR :-) on GitHub. This notice is only going to the 17 bugzillas that have been changed in the last ~18 months or so to avoid inundating everyone's inbox with long out of date issues. Please see https://bugs.eclipse.org/bugs/buglist.cgi?product=Orbit&query_format=advanced&resolution=--- for all the unresolved Orbit bugs.