Bump Jackson dependency version to 2.9.10.3

emlun · emlun · commit 59245209640f · 2020-03-05T12:22:50.000+01:00
diff --git a/NEWS b/NEWS
@@ -1,3 +1,11 @@
+== Version 1.6.1 (unreleased) ==
+
+Security fixes:
+
+- Bumped Jackson dependency to version 2.9.10.3 in response to CVE-2019-20330
+  and CVE-2020-8840
+
+
 == Version 1.6.0 ==
 
 Security fixes:
diff --git a/build.gradle b/build.gradle
@@ -51,7 +51,7 @@ allprojects {
 Map<String, String> dependencyVersions = [
   'ch.qos.logback:logback-classic:1.2.3',
   'com.augustcellars.cose:cose-java:1.0.0',
-  'com.fasterxml.jackson.core:jackson-databind:2.9.10.1',
+  'com.fasterxml.jackson.core:jackson-databind:2.9.10.3',
   'com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:2.9.10',
   'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.10',
   'com.google.guava:guava:19.0',
