[close #567] upgrade jackson-databind to 2.13.2.2 to fix CVE-2020-36518 (#584)

2022-04-07 18:11:24 +08:00 · 2022-04-07 18:11:24 +08:00 · 7fa24c3206
parent 56d64ef5c2
commit 7fa24c3206
1 changed files with 3 additions and 2 deletions
--- a/pom.xml
+++ b/pom.xml
@ -61,7 +61,8 @@
        <netty.tcnative.version>2.0.34.Final</netty.tcnative.version>
        <gson.version>2.8.9</gson.version>
        <powermock.version>1.6.6</powermock.version>
-        <jackson.version>2.12.3</jackson.version>
+        <jackson-annotations.version>2.13.2</jackson-annotations.version>
+        <jackson.version>2.13.2.2</jackson.version>
        <trove4j.version>3.0.1</trove4j.version>
        <jetcd.version>0.4.1</jetcd.version>
        <joda-time.version>2.9.9</joda-time.version>
@ -177,7 +178,7 @@
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-annotations</artifactId>
-            <version>${jackson.version}</version>
+            <version>${jackson-annotations.version}</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>