Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jackson-databind-2.3.2 update

Vu Tran
Vu Tran February 6, 2018

Hello:

We current have Jira Core 7.1.2 installed.  Lately we were informed by a client that the Jackson-databind-2.3.2 which is included in the deployment package of Jira has serious vulnerabilities.  Can you please let me know the following:

1. Is there an update for this issue?

2.  If there is, how do we deploy the update to the server?

3.  Would the update require a server upgrade to the latest?

Thanks,

-Vu

 

 

 

Answer
Watch
Like Be the first to like this
865 views

2 answers

0 votes
Matt Doar
Matt Doar
Community Champion
February 7, 2018

From the linked j.a.c. issue I see 

"JIRA does not employ methodology which would enable exploitation of these old vulnerabilities(detailed in CVE-2017-15095"

It doesn't sound like the "serious vulnerabilities" are happening. So I'd expect this is a lower priority to fix

Reply
0 votes
Tinker Fadoua
Tinker Fadoua
Community Champion
February 6, 2018

Hi Vu

Here is the link to the issue related to the JAR file, you can vote on it:

https://jira.atlassian.com/browse/JRASERVER-66511

View More Comments
Vu Tran
Vu Tran February 7, 2018

Hi Fadoua:

Thank you for the information.  Can you please advise if the related libraries are going to be updated in the next release of Jira or related software?

It appeared Confluence also has this set of library.  It is a major concern for us and our clients when we are looking into using Confluence product for a larger user group.  

Please advise if any remedy action necessary to address this issue.

Thanks again.

-Vu

Like
Tinker Fadoua
Tinker Fadoua
Community Champion
February 7, 2018

Hi Vu,

Since there is no update yet from Atlassian on the ticket I sent you yesterday, I will suggest you to open yourself a ticket with Atlassian and share your concerns with them. They may be able to help you.

Click on Atlassian Support to open a ticket with Atlassian.

Hope this helps!

Like
Vu Tran
Vu Tran February 7, 2018

Hi Fadoua:

Since we only have a small user group on starter license, Atlassian is no longer provide immediate support for starter license.  We will have to look to the community for the update of this issue.

Thanks again,

-Vu

Like
Tinker Fadoua
Tinker Fadoua
Community Champion
February 7, 2018

Ok Vu let me share your question with other Community Champions see who has some knowledge about your issue. Thanks for your patience!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.