https://bugzilla.redhat.com/show_bug.cgi?id=1758167
--- Comment #4 from Anten Skrabec askrabec@redhat.com --- Statement: Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.