[security] Upgrade Jackson Databind to 2.9.7 or higher

Question

[security] Upgrade Jackson Databind to 2.9.7 or higher

Closed this issue 3 years ago · 2 comments

Jackson Databind version 2.9.5 has a security vulnerability, see here: https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451

Please upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.7 or higher.

Answer 1 · 2018-11-04T18:53:00.000Z

Hello

Thanks for your PR.
Can you pick your commit to apply it against the branch releases/1.4.x ?
So the fix can be released has an hotfix.

Answer 2 · 2021-03-02T00:05:54.000Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.