Upgrade Jackson Databind Version

David Diederich requested to merge upgrade-jackson-databind into master

This MR upgrades the Jackson Databind version to address CVE-2020-36518.

In this case, version 2.13.2 was being selected automatically. That version was still vulnerable, though the Tagging Notes didn't catch it (because it coerces versions into a triplet).

Dependency Information After the Upgrade

Branch: upgrade-jackson-databind
SHA:    7cde780c48d07eec1131a99fa4859c4af3df6b58
Maven:  0.16.0-SNAPSHOT
Maven Dependencies Root
os-core-common 0.15.0
(3rd Party) com.fasterxml.jackson.core.jackson-databind 2.13.2.2
Edited by David Diederich
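
The triplet coercion mentioned in the description, shown as an added example that is not part of this merge request or of the project's tooling: a check that truncates versions to three components treats 2.13.2 and 2.13.2.2 as equal, so the older release is never flagged. The function names are hypothetical, and using the post-upgrade version 2.13.2.2 as the required floor is an assumption taken from the dependency listing above.

```python
"""Added illustration: truncating versions to three components hides a fourth-digit fix."""

# Assumption: the post-upgrade version from this page is used as the required floor.
REQUIRED_MINIMUM = {"com.fasterxml.jackson.core:jackson-databind": "2.13.2.2"}


def _numeric_parts(version):
    """Split a purely numeric dotted version; reject anything else instead of guessing."""
    parts = version.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version format: {version!r}")
    return [int(p) for p in parts]


def coerce_triplet(version):
    """Hypothetical model of a lossy check: keep major.minor.patch only."""
    nums = _numeric_parts(version)
    return tuple((nums + [0, 0])[:3])


def parse_full(version):
    """Keep every component; drop trailing zeros so 2.13.2.0 compares equal to 2.13.2."""
    nums = _numeric_parts(version)
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def below_minimum(resolved, parse, minimums=REQUIRED_MINIMUM):
    """Return the artifacts whose resolved version sorts below the required floor."""
    return sorted(
        name for name, version in resolved.items()
        if name in minimums and parse(version) < parse(minimums[name])
    )


if __name__ == "__main__":
    # Constructed sample: the automatically selected version described on the page.
    resolved = {"com.fasterxml.jackson.core:jackson-databind": "2.13.2"}
    print("triplet check flags:", below_minimum(resolved, coerce_triplet))
    print("full check flags:   ", below_minimum(resolved, parse_full))
```

With the constructed input, the triplet check returns an empty list while the full comparison flags jackson-databind.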