search

bjornharrtell / jts2geojson

JTS from/to GeoJSON converter for Java
MIT License
138 stars 56 forks source link

Replace vulnerable jackson-databind #46

Closed junquero closed 1 year ago

junquero commented 2 years ago

jackson-databind 2.13.2 has the CVE-2020-36518 which is fixed in 2.13.2.1 and newer.

To avoid integration issues, instead of replacing with 2.14, I suggest to use the same minor version including the fix of the CVE.

bjornharrtell commented 1 year ago

This is done and released as 0.18.1