Upgrade to Jackson 2.11.1

joschi · joschi · commit 7c404c58b0a7 · 2020-06-29T10:40:50.000+02:00
Jackson 2.9.x had and still gets a lot of CVEs because of how it handles deserialization of polymorphic types. This has been fixed in Jackson 2.10.x and 2.11.x, so upgrading will safe this project from (unnecessary) security alerts. * https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 * https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba
diff --git a/core/pom.xml b/core/pom.xml
@@ -42,11 +42,11 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.9.10.4</version>
+            <version>2.11.1</version>
         </dependency>
         <dependency>
             <groupId>com.google.code.findbugs</groupId>
             <artifactId>jsr305</artifactId>
         </dependency>
     </dependencies>
-</project>
+</project>
