diff options
author | Assad Riaz <assad.riaz@bouvet.no> | 2019-02-26 14:18:41 +0100 |
---|---|---|
committer | Assad Riaz <assad.riaz@bouvet.no> | 2019-02-26 14:18:41 +0100 |
commit | 9a85a665687b5b7f8114cfefb631991be82c2952 (patch) | |
tree | 01d44da6e938ef580aa30c01836c822fc650df36 | |
parent | 64013e13f8ec6aa0ab407323337643d59c43d54a (diff) | |
download | geojson-jackson-9a85a665687b5b7f8114cfefb631991be82c2952.tar.gz |
fasterxml jakson dependency update CVE-2018-19361: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
-rw-r--r-- | pom.xml | 7 |
1 files changed, 4 insertions, 3 deletions
@@ -42,23 +42,24 @@ <properties> <java-version>1.6</java-version> + <jackson-version>2.9.8</jackson-version> </properties> <dependencies> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> - <version>2.9.6</version> + <version>${jackson-version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> - <version>2.9.6</version> + <version>${jackson-version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-annotations</artifactId> - <version>2.9.6</version> + <version>${jackson-version}</version> </dependency> <dependency> <groupId>org.mockito</groupId> |