search

java-deobfuscator / deobfuscator

The real deal
https://javadeobfuscator.com
Apache License 2.0
1.55k stars 289 forks source link

fix(sec): upgrade jackson-databind to 2.12.6.1 #938

Closed Wninayyds closed 1 year ago

Wninayyds commented 1 year ago

Upgrade jackson-databind from 2.9.1 to 2.12.6.1 for vulnerability fix:

Janmm14 commented 1 year ago

btw not a security issue here, as all we read is a user-defined file

Huoxi-any commented 1 year ago

I tink ideally, no insecure libs should be used

Janmm14 commented 1 year ago

I tink ideally, no insecure libs should be used

sure, thats why i wrote "btw"