Upgrade to Jackson 2.9.10.6 (#1708)

https://nvd.nist.gov/vuln/detail/CVE-2020-24750 https://nvd.nist.gov/vuln/detail/CVE-2020-24616 Release notes: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#micro-patches > jackson-databind 2.9.10.6 (24-Aug-2020) -- with jackson-bom version 2.9.10.20200824 > > * FasterXML/jackson-databind#2798: Block one more gadget type (com.pastdev.httpcomponents, CVE-2020-24750 > * FasterXML/jackson-databind#2814: Block one more gadget type (Anteros-DBCP, CVE-2020-24616) > * FasterXML/jackson-databind#2826: Block one more gadget type (com.nqadmin.rowset) > * FasterXML/jackson-databind#2827: Block one more gadget type (org.arrahtec:profiler-core)
dropwizard · Nov 11, 2020 · e5831a8 · e5831a8
1 parent 5a6926b
commit e5831a8
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/metrics-json/pom.xml b/metrics-json/pom.xml
@@ -17,7 +17,7 @@
 
     <properties>
         <javaModuleName>com.codahale.metrics.json</javaModuleName>
-        <jackson.version>2.9.10.5</jackson.version>
+        <jackson.version>2.9.10.6</jackson.version>
     </properties>
 
     <dependencyManagement>

diff --git a/metrics-servlets/pom.xml b/metrics-servlets/pom.xml
@@ -20,7 +20,7 @@
         <javaModuleName>com.codahale.metrics.servlets</javaModuleName>
         <papertrail.profiler.version>1.1.1</papertrail.profiler.version>
         <servlet.version>3.1.0</servlet.version>
-        <jackson.version>2.9.10.5</jackson.version>
+        <jackson.version>2.9.10.6</jackson.version>
     </properties>
 
     <dependencyManagement>