It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jackson JSON library vulnerability CVE-2017-15095

Ethan Jackson Dec 12, 2017

A vulnerability CVE-2017-15095 exists in the Jackson JSON library versions prior to 2.9.2. The recommended solution has been made to upgrade to Jackson 2.9.3.

We are currently running Jira v7.4.3#74005

Here are some of the .jar files that have been pointed out as needed to be remediation.

jackson-databind-2.3.2.jar

jackson-annotations-2.3.0.jar

jackson-core-2.3.2.jar

jackson-mapper-asl-1.9.13-atlassian-1.jar

I'm looking for remediation steps for CVE-2017-15095  but has been unsuccessful in finding any.

1 answer

0 votes
Branden McElveen Atlassian Team Dec 12, 2017

Hi Ethan,


Take a look at the Atlassian Security Advisories page.  Since Jira itself is not using the affected Struts component Jira is not affected by this vulnerability outlined in CVE-2017-15095 on Apache Struts.

Let us know if you have any remaining questions.

Cheers,

Branden

Ethan Jackson Dec 12, 2017

Thank you for the quick response Branden. Would removing these .jar files still allow for JIRA to function without issue for the end user?

JIRA was already installed on the server so I'm not really familiar with the ins and outs of it.  I'm just trying to gather a greater understanding.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Jira Software

Early Access: If you use Jenkins and Jira Software Cloud, you need to read this!

The Jira Software Cloud Team has been busy working on a simple, secure, and reliable way to integrate your build and deployment information from Jenkins with Jira Software Cloud. This means you don’t...

337 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you