Skip to content

Commit 3c2347c

Browse files
m-brophym-brophy
authored
WINDUP-3841: jackson-databind CVE fix (#914)
* jackson-databind CVE fix * force jackson versions to 2.13.4 * jackson version properties added
1 parent bfd9ad3 commit 3c2347c

File tree

1 file changed

+22
-0
lines changed

1 file changed

+22
-0
lines changed

pom.xml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,8 @@
3232
<version.wildfly>23.0.2.Final</version.wildfly>
3333
<wildfly.directory>wildfly-${version.wildfly}</wildfly.directory>
3434
<version.resteasy>3.15.1.Final</version.resteasy>
35+
<version.jackson>2.13.4</version.jackson>
36+
<version.jackson.databind>2.13.4.2</version.jackson.databind>
3537
<version.jboss.javaee>1.0.1.Final</version.jboss.javaee>
3638

3739
<windup.web.scm.connection>scm:git:https://github.com/windup/windup-web.git</windup.web.scm.connection>
@@ -203,6 +205,26 @@
203205
<artifactId>resteasy-jackson2-provider</artifactId>
204206
<version>${version.resteasy}</version>
205207
</dependency>
208+
<dependency>
209+
<groupId>com.fasterxml.jackson.core</groupId>
210+
<artifactId>jackson-databind</artifactId>
211+
<version>${version.jackson.databind}</version>
212+
</dependency>
213+
<dependency>
214+
<groupId>com.fasterxml.jackson.core</groupId>
215+
<artifactId>jackson-core</artifactId>
216+
<version>${version.jackson}</version>
217+
</dependency>
218+
<dependency>
219+
<groupId>com.fasterxml.jackson.core</groupId>
220+
<artifactId>jackson-annotations</artifactId>
221+
<version>${version.jackson}</version>
222+
</dependency>
223+
<dependency>
224+
<groupId>com.fasterxml.jackson.jaxrs</groupId>
225+
<artifactId>jackson-jaxrs-json-provider</artifactId>
226+
<version>${version.jackson}</version>
227+
</dependency>
206228
<dependency>
207229
<groupId>org.jboss.arquillian.extension</groupId>
208230
<artifactId>arquillian-drone-bom</artifactId>

0 commit comments

Comments
 (0)