Closed tjquinno closed 6 years ago
Release 2.15.0 depends on jackson-databind 2.8.10, which is reported as being vulnerable to CVE-2017-17485, CVE-2018-7489, CVE-2018-5968...resolved in 2.8.11.1 and 2.9.4 and later.
Any plans to update this dependency?
I'm working on it
Done, should be available on maven central soon as 2.16.0
Release 2.15.0 depends on jackson-databind 2.8.10, which is reported as being vulnerable to CVE-2017-17485, CVE-2018-7489, CVE-2018-5968...resolved in 2.8.11.1 and 2.9.4 and later.
Any plans to update this dependency?