Deserialization of Untrusted Data

Hi,

We found a vulnerability in our systems which is related to Deserialization of Untrusted Data. It states that the fix is to upgrade com.fasterxml.jackson.core:jackson-databind to version 2.6.7.4, 2.9.10.5 or higher.

We wanted to know if there is a relevant hotfix or Pega Download that can help us clear up this vulnerability.

Thanks,

-Jeremy L.

@JeremyL4

Please open up a support case (INC-) and provide the relevant details related to the issue you are seeing:

CVE details

Vulnerability report

Once you have the case created, please reply here with the case id to reference for this issue.

An engineer will be assigned and can follow up with you regarding the issue reported.

Thanks!

@JeremyL4

Please let us know the Incident ID when you open it so we may track this for you.

Thank you!

@Br@dTainter_GCS

OK, I will open a ticket and hopefully get this resolved.

Thanks,

-Jeremy L.

Hi @JeremyL4,

Please note that in 8.6 many libraries including the one you mentioned have been updated. See https://community.pega.com/node/2273161

Can I suggest updating to 8.6 (or 8.7) to take advantage of these and other security improvements?

Kind regards,