Skip to content

Suppress Jackson Databind 2.18.8 for CVE-2026-54515#315

Merged
suddendust merged 5 commits into
mainfrom
suddendust-patch-1
Jul 2, 2026
Merged

Suppress Jackson Databind 2.18.8 for CVE-2026-54515#315
suddendust merged 5 commits into
mainfrom
suddendust-patch-1

Conversation

@suddendust

@suddendust suddendust commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Ref: https://nvd.nist.gov/vuln/detail/CVE-2026-54515 and GHSA-5jmj-h7xm-6q6v

Edit: Looks like none of the versions is released to maven central yet, thus the build is failing: https://repo.maven.apache.org/maven2/com/fasterxml/jackson/core/jackson-databind/

Added a suppression to handle this.

@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.44%. Comparing base (37632d1) to head (329e066).

Additional details and impacted files
@@            Coverage Diff            @@
##               main     #315   +/-   ##
=========================================
  Coverage     81.44%   81.44%           
  Complexity     1550     1550           
=========================================
  Files           242      242           
  Lines          7517     7517           
  Branches        726      726           
=========================================
  Hits           6122     6122           
  Misses          943      943           
  Partials        452      452           
Flag Coverage Δ
integration 81.44% <ø> (ø)
unit 55.52% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown

Test Results

  124 files  ±0    124 suites  ±0   32s ⏱️ ±0s
  840 tests ±0    839 ✅ ±0  1 💤 ±0  0 ❌ ±0 
1 176 runs  ±0  1 175 ✅ ±0  1 💤 ±0  0 ❌ ±0 

Results for commit 329e066. ± Comparison against base commit 37632d1.

♻️ This comment has been updated with latest results.

@suddendust suddendust changed the title Upgrade Jackson Databind for CVE-2026-54515 Suppress Jackson Databind 2.18.8 for CVE-2026-54515 Jul 2, 2026
@suddendust suddendust merged commit 555277c into main Jul 2, 2026
9 of 11 checks passed
@suddendust suddendust deleted the suddendust-patch-1 branch July 2, 2026 11:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants