summaryrefslogtreecommitdiffstats
path: root/container-dependency-versions
diff options
context:
space:
mode:
authorgjoranv <gv@oath.com>2018-09-19 12:28:43 +0200
committergjoranv <gv@oath.com>2018-09-19 12:28:43 +0200
commit08c4b7b7fcb7b1f1f6359cbf4be2effe78ac8667 (patch)
tree4d50d82912b780aeeda09017c8593abd3681be49 /container-dependency-versions
parentb96f3584d897e48932699b97bdce94afdac76449 (diff)
Update jackson to 2.8.11 and jackson-databind to 2.8.11.2
- jackson-databind:2.8.11.2 includes a fix for a deserialization vulnerability.
Diffstat (limited to 'container-dependency-versions')
-rw-r--r--container-dependency-versions/pom.xml5
1 files changed, 3 insertions, 2 deletions
diff --git a/container-dependency-versions/pom.xml b/container-dependency-versions/pom.xml
index 259fcfb8de7..3944fc44cd6 100644
--- a/container-dependency-versions/pom.xml
+++ b/container-dependency-versions/pom.xml
@@ -81,7 +81,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson2.version}</version>
+ <version>${jackson-databind.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
@@ -475,7 +475,8 @@
<!-- and then verify by doing: ' ls -l vespa/vespa_jersey2/target/dependency' -->
<hk2.version>2.5.0-b32</hk2.version>
<hk2.osgi-resource-locator.version>1.0.1</hk2.osgi-resource-locator.version>
- <jackson2.version>2.8.4</jackson2.version>
+ <jackson2.version>2.8.11</jackson2.version>
+ <jackson-databind.version>${jackson2.version}.2</jackson-databind.version>
<javassist.version>3.20.0-GA</javassist.version>
<javax.annotation-api.version>1.2</javax.annotation-api.version>
<javax.validation-api.version>1.1.0.Final</javax.validation-api.version>