Skip to content

RUN-4569 Mitigate Jackson CVE-2026-54512/54513#51

Merged
fdevans merged 1 commit into
mainfrom
RUN-4569-jackson
Jul 3, 2026
Merged

RUN-4569 Mitigate Jackson CVE-2026-54512/54513#51
fdevans merged 1 commit into
mainfrom
RUN-4569-jackson

Conversation

@fdevans

@fdevans fdevans commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Bump rundeck-core to 6.1.0-SNAPSHOT, which pulls patched jackson-databind 2.22.0 transitively, mitigating CVE-2026-54512 / CVE-2026-54513.

Test plan

  • rundeck-core:6.1.0-SNAPSHOT and jackson-databind:2.22.0 resolve on compileClasspath (verified locally).
  • CI build and Snyk scan pass on the branch.

Bump rundeck-core to 6.1.0-SNAPSHOT, which pulls the patched jackson-databind 2.22.0 transitively and mitigates CVE-2026-54512 / CVE-2026-54513.
Copilot AI review requested due to automatic review settings July 1, 2026 16:51

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the plugin’s dependency alignment to mitigate Jackson CVE-2026-54512 / CVE-2026-54513 by moving to a rundeck-core version that pulls in a patched jackson-databind.

Changes:

  • Bumped org.rundeck:rundeck-core version reference to 6.1.0-SNAPSHOT in the Gradle version catalog.

Comment thread gradle/libs.versions.toml
axionRelease = "1.21.2"
groovy = "4.0.32"
rundeckCore = "6.0.0-alpha1-20260407"
rundeckCore = "6.1.0-SNAPSHOT"

@ncofreortiz-hub ncofreortiz-hub left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fdevans fdevans merged commit 24ac63c into main Jul 3, 2026
3 checks passed
@fdevans fdevans deleted the RUN-4569-jackson branch July 3, 2026 02:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants