Update dependency to jackson library due to CVE-2022-42003 and CVE-2022-42004

Question

uap-universe opened this issue 2 years ago · comments

Please update the dependency

com.fasterxml.jackson.core:jackson-databind:2.13.2.2

to

com.fasterxml.jackson.core:jackson-databind:2.14

as soon as it becomes available

Michael Brackx · Answer 1 · Wed Oct 19 2022 21:49:19 GMT+0800 (China Standard Time)

(and 2.13.4.2 is available also)

Jim Anderson · Answer 2 · Mon Oct 24 2022 23:17:05 GMT+0800 (China Standard Time)

Thanks @brackxm. We have made #631 and #630 to bump the versions. We will get patch releases out shortly.

Jim Anderson · Answer 3 · Fri Oct 28 2022 02:32:01 GMT+0800 (China Standard Time)

4.2.1 and 3.19.3 have been released and are available in Maven Central 👍