[security] Upgrade Jackson Databind to 2.9.7 or higher
Closed this issue · 2 comments
sumerjabri commented
Jackson Databind version 2.9.5 has a security vulnerability, see here: https://app.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-72451
Please upgrade com.fasterxml.jackson.core:jackson-databind
to version 2.9.7 or higher.
bguerout commented
Hello
Thanks for your PR.
Can you pick your commit to apply it against the branch releases/1.4.x
?
So the fix can be released has an hotfix.
stale commented
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.