Update dependency on jackson-databind to 2.8.11.1 or later?

jurmous / etcd4j

Java / Netty client for etcd, the highly-available key value store for shared configuration and service discovery.

Apache License 2.0

267 stars 83 forks source link

Update dependency on jackson-databind to 2.8.11.1 or later? #177

Closed tjquinno closed 6 years ago

tjquinno commented 6 years ago

Release 2.15.0 depends on jackson-databind 2.8.10, which is reported as being vulnerable to CVE-2017-17485, CVE-2018-7489, CVE-2018-5968...resolved in 2.8.11.1 and 2.9.4 and later.

Any plans to update this dependency?

lburgazzoli commented 6 years ago

I'm working on it

lburgazzoli commented 6 years ago

Done, should be available on maven central soon as 2.16.0