File tree Expand file tree Collapse file tree 2 files changed +12
-3
lines changed Expand file tree Collapse file tree 2 files changed +12
-3
lines changed Original file line number Diff line number Diff line change 132132 <dependency >
133133 <groupId >com.fasterxml.jackson.core</groupId >
134134 <artifactId >jackson-databind</artifactId >
135- <version >${jackson-version} </version >
135+ <version >${jackson-databind- version} </version >
136136 <exclusions >
137137 <exclusion >
138138 <groupId >com.fasterxml.jackson.core</groupId >
149149 <groupId >com.fasterxml.jackson.core</groupId >
150150 <artifactId >jackson-annotations</artifactId >
151151 </exclusion >
152+ <exclusion >
153+ <groupId >jakarta.activation</groupId >
154+ <artifactId >jakarta.activation-api</artifactId >
155+ </exclusion >
152156 </exclusions >
153157 <scope >test</scope >
154158 </dependency >
Original file line number Diff line number Diff line change 518518 <dependency >
519519 <groupId >com.fasterxml.jackson.core</groupId >
520520 <artifactId >jackson-databind</artifactId >
521- <version >${jackson-version} </version >
521+ <version >${jackson-databind- version} </version >
522522 </dependency >
523523 <dependency >
524524 <groupId >com.fasterxml.jackson.dataformat</groupId >
621621 <servlet-api-version >2.5</servlet-api-version >
622622 <jersey-version >1.13</jersey-version >
623623 <jersey2-version >2.25.1</jersey2-version >
624- <jackson-version >2.11.1</jackson-version >
624+ <jackson-version >2.13.2</jackson-version >
625+ <!--
626+ jackson-databind 2.13.2 is still affected by CVE-2020-36518.
627+ This version pin for jackson-databind can be removed when bumping jackson to 2.14
628+ -->
629+ <jackson-databind-version >2.13.2.2</jackson-databind-version >
625630 <logback-version >1.2.9</logback-version >
626631 <reflections-version >0.9.11</reflections-version >
627632 <guava-version >31.0.1-android</guava-version >
You can’t perform that action at this time.
0 commit comments