Issue
- For security reasons we need to update the jackson-databind library from version 2.13.2.2 to 2.13.4.1
- How do I update the jackson-databind library in Liferay DXP?
- Security vulnerabilities in jackson-databind 2.13.2.2: CVE-2022-42003, CVE-2022-42004
Environment
- Liferay DXP 7.2+
Resolution
- The vulnerabilities have been fully fixed with the following LPS-165622
- Please install Liferay DXP 7.3 Update 20+ or Liferay DXP 7.4 Update 53+
- Or request a Hotfix with the LPS-165622
Additional Information
- If the hotfix is required for these concerns, please create a support ticket requesting the hotfix by attaching the patch details.
- Installing Fix Packs and Hotfixes on Liferay DXP will guide you to install the Fixpack/Hotfix in your environment.
Conteúdo Excluesivo para Assinantes
Uma Subscrição do Liferay Enterprise fornece acesso a mais de 1.500 artigos que incluem práticas recomendadas, solução de problemas e outras soluções valiosas. Faça login para obter acesso completo.
Entrar