[GHSA-2m67-wjpj-xhg9] Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers

[pjfanning]

Updates

• Affected products

Comments
fix is in 3.1.1

[github]

Hi there @cowtowncoder! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[Copilot]

Pull request overview

Updates the GitHub-reviewed advisory for GHSA-2m67-wjpj-xhg9 (Jackson Core document length constraint bypass) to reflect the correct remediation version and affected-version metadata.

Changes:

• Replaces the affected-range terminator from last_affected: 3.1.0 to fixed: 3.1.1.
• Adds affected[].database_specific.last_known_affected_version_range to explicitly capture the last known affected version range (<= 3.1.0).
• Bumps the advisory modified timestamp to reflect the update.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.