logfellow / logstash-logback-encoder

Logback JSON encoder and appenders

Remediate new vulnerabilities with jackson-databind

sasikumar-ms7 opened this issue · comments

There is a new vulnerability, CVE-2022-42003, in the jackson-databind version used by logstash-logback-encoder. Please upgrade the Jackson version to [2.14.0-rc1].

Thanks for reporting.

This vulnerability affects Jackson when it is used to read JSON data and map it to a POJO.
LLE uses Jackson to produce JSON and is therefore not affected by this CVE.

Anyway, the dependency will be upgraded to 2.14.0 when it is released.

jackson-databind 2.14.x is released. Do you have any timelines to upgrade to the latest dependency?