search

vert-x3 / vertx-dependencies

Defines the versions of the Vert.x components of the Vert.x stack.
Apache License 2.0
12 stars 40 forks source link

Jackson 2.14.0 #105

Closed julianladisch closed 1 year ago

julianladisch commented 1 year ago

Upgrade Jackson from 2.13.4 to 2.14.0.

Full change list: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.14#full-change-list It contains a security fix: Fixing Denial of Service (DoS) vulnerability when the non-default UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled: https://nvd.nist.gov/vuln/detail/CVE-2022-42003

julianladisch commented 1 year ago

Fixes https://github.com/eclipse-vertx/vert.x/issues/4514

pmlopes commented 1 year ago

Sorry, totally missed this PR and did a new one!