jwtk / jjwt

Java JWT: JSON Web Token for Java and Android
Apache License 2.0

Modify POM dependency jackson-databind vulnerable #761

Closed alicursi1980 closed 1 year ago

alicursi1980 commented 1 year ago

Hi lhazlewood, in my project I used this fantastic library to mitigate a CSRF vulnerability. The current pom.xml (branch master) has two vulnerabilities in the dependency jackson-databind:

- CVE-2022-42004
- CVE-2022-42003

https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.12.7

I'd like to modify this pom to the version 2.12.7.1.

Thanks, Angelo

lhazlewood commented 1 year ago

@alicursi1980 thanks so much for checking! There's an open PR #750 that does exactly this. I wasn't aware that the GitHub Actions build didn't run for the PR, but once it does, and it passes, we'll merge it.