Known security vulnerabilities detected in third-party library
draeger opened this issue · 3 comments
draeger commented
Upgrade com.fasterxml.jackson.core:jackson-databind to version 2.9.10.8
Schmoho commented
As far as I can tell, we are currently using version 2.10.1 see here.
However, our THIRD-PARTY.txt is not quite up to date.
It seems this was created by the License Maven Plugin at some point.
Since we are no longer using Maven, we could use a Gradle plugin instead, I have opened a PR to this effect.
Schmoho commented
I am retagging the issue to reflect what transpired to be the issue.
Also, this was already dealt with in the 2.1 branch - so I have added it to the project and moved to Needs Testing
Schmoho commented
has been merged