Magnolia 6.2.25 known issues

Possible runtime issues using jackson (6.2.25 only)

For Magnolia 6.2.25 only, we have upgraded to jackson-databind 2.13.4 so we are not vulnerable to CVE-2022-42004. However, Magnolia 6.2.25 still uses jackson-core 2.12.x and jackson-databind 2.13.4 calls some classes in jackson-core that are only available from 2.13.x. Though the upgrade improves security for Magnolia, you may encounter some runtime issues using jackson.

Workaround

If you are experiencing issues after this update, try rolling back jackson-databind to version 2.12.7.1, which has been released in the meantime and as of October 25 (2022) has not been reported as vulnerable to any CVEs.

See Private BUILD-921 for more details.

Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules