https://bugzilla.redhat.com/show_bug.cgi?id=1821311
--- Comment #5 from Anten Skrabec askrabec@redhat.com --- Statement:
Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.
Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.