Skip to content

com.fasterxml.jackson.core 2.9.9 has a vulnerability

Marek Szuba requested to merge securityfix/com.fasterxml.jackson.core into version/2.5

Created by: muffato

Use case

See and for a description of the vulnerability. I'm not aware of anyone using Java and eHive (I'm only aware of plans to do so) but I thought. Let's patch this and make GitHub happy.


Just bumped to I don't want to define to an open interval as this is version/2.5, which shouldn't get any significant changes, and upstream may break the interface in a 3.* version.

Possible Drawbacks seems compatible, so I can't see any drawbacks


Have you added/modified unit tests to test the changes?

Nothing to change.

Have you run the entire test suite and no regression was detected?

Yes. OK

Merge request reports