ind1go
commented
5 years ago I'm not particularly inclined because the vulnerabilities are not in bits of jackson-databind that we use, it's just that if our plugin is being scanned by consumers it may flag up the CVEs. I think we could probably wait a little while and produce a more worthwhile 0.0.2.
Having been alerted to a vulnerability by Dependabot, this pull request updates to the later security fix.