Closed junquero closed 1 year ago
jackson-databind 2.13.2 has the CVE-2020-36518 which is fixed in 2.13.2.1 and newer.
To avoid integration issues, instead of replacing with 2.14, I suggest to use the same minor version including the fix of the CVE.
This is done and released as 0.18.1
jackson-databind 2.13.2 has the CVE-2020-36518 which is fixed in 2.13.2.1 and newer.
To avoid integration issues, instead of replacing with 2.14, I suggest to use the same minor version including the fix of the CVE.