Skip to content

Commit 0526062

Browse files
petrukipetruki
authored
patch: vulnerability introduced through jackson.core WS-2026-0003 (#391)
1 parent f26434a commit 0526062

1 file changed

Lines changed: 22 additions & 1 deletion

File tree

pom.xml

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@
6161
<!-- utils -->
6262
<commons-lang3.version>3.20.0</commons-lang3.version>
6363
<commons-net.version>3.13.0</commons-net.version>
64-
<slf4j-api.version>2.0.17</slf4j-api.version>
64+
<slf4j-api.version>2.0.18</slf4j-api.version>
6565

6666
<!-- test -->
6767
<okhttp.version>5.3.2</okhttp.version>
@@ -184,6 +184,27 @@
184184
</dependency>
185185
</dependencies>
186186

187+
<dependencyManagement>
188+
<dependencies>
189+
<!-- Pin jackson.core: patch WS-2026-0003 Transitive Insufficient Information Vulnerability -->
190+
<dependency>
191+
<groupId>com.fasterxml.jackson.core</groupId>
192+
<artifactId>jackson-core</artifactId>
193+
<version>2.21.3</version>
194+
</dependency>
195+
<dependency>
196+
<groupId>com.fasterxml.jackson.core</groupId>
197+
<artifactId>jackson-databind</artifactId>
198+
<version>2.21.3</version>
199+
</dependency>
200+
<dependency>
201+
<groupId>com.fasterxml.jackson.core</groupId>
202+
<artifactId>jackson-annotations</artifactId>
203+
<version>2.21</version>
204+
</dependency>
205+
</dependencies>
206+
</dependencyManagement>
207+
187208
<profiles>
188209
<profile>
189210
<id>coverage</id>

0 commit comments

Comments
 (0)