[close #567] upgrade jackson-databind to 2.13.2.2 to fix CVE-2020-36518 (#584) (#605)

Signed-off-by: iosmanthus <myosmanthustree@gmail.com>
2022-05-30 15:01:38 +08:00 · 2022-05-30 15:01:38 +08:00 · fed0826e81
parent e72ba8b682
commit fed0826e81
1 changed files with 4 additions and 4 deletions
--- a/pom.xml
+++ b/pom.xml
@ -65,8 +65,8 @@
        <grpc.version>1.38.0</grpc.version>
        <gson.version>2.8.9</gson.version>
        <powermock.version>1.6.6</powermock.version>
-        <jackson.version>2.10.5</jackson.version>
-        <jackson.databind.version>2.10.5.1</jackson.databind.version>
+        <jackson-annotations.version>2.13.2</jackson-annotations.version>
+        <jackson.version>2.13.2.2</jackson.version>
        <trove4j.version>3.0.1</trove4j.version>
        <jetcd.version>0.4.1</jetcd.version>
        <joda-time.version>2.9.9</joda-time.version>
@ -179,12 +179,12 @@
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-annotations</artifactId>
-            <version>${jackson.version}</version>
+            <version>${jackson-annotations.version}</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
-            <version>${jackson.databind.version}</version>
+            <version>${jackson.version}</version>
        </dependency>
        <dependency>
            <groupId>io.etcd</groupId>