Upgrade Jackson Databind Version
This MR upgrades the Jackson Databind version to address CVE-2020-36518.
In this case, version 2.13.2 was being selected automatically. That version was still vulnerable, though the Tagging Notes didn't catch it (because it coerces versions into a triplet).
Dependency Information After the Upgrade
Branch: upgrade-jackson-databind
SHA: 7cde780c48d07eec1131a99fa4859c4af3df6b58
Maven: 0.16.0-SNAPSHOT
Maven Dependencies | Root |
---|---|
os-core-common | 0.15.0 |
(3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 |
Edited by David Diederich