braintree / braintree_java

Braintree Java library
https://developer.paypal.com/braintree/docs/start/overview
MIT License

Update jackson-jr-objects to 2.9.9 #75

Closed sehrope closed 4 years ago

sehrope commented 4 years ago

Summary

Bumps jackson-jr-objects to v2.9.9.

There's an open CVE on the older version of Jackson: https://nvd.nist.gov/vuln/detail/CVE-2018-11307

The wildcard pattern matches the jackson-jr-objects library used by braintree_java. I'm not sure if it's meant to be included and, if it is, I don't think there's any security issue with the usage of the older version as braintree_java only deserializes via JSON.std.mapFrom(...), but would be nice to have this closed out anyway.

crookedneighbor commented 4 years ago

Sorry for the wait. Thanks for making this change!