Update dependency to jackson library due to CVE-2022-42003 and CVE-2022-42004
uap-universe opened this issue · comments
Mike Becker commented
Please update the dependency
com.fasterxml.jackson.core:jackson-databind:2.13.2.2
to
com.fasterxml.jackson.core:jackson-databind:2.14
as soon as it becomes available
(see also: related issue and milestone)
Michael Brackx commented
2.13.4.1 is available with a fix for CVE-2022-42003
see https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13
(and 2.13.4.2 is available also)
Jim Anderson commented
Jim Anderson commented
4.2.1 and 3.19.3 have been released and are available in Maven Central