Upgrade FasterXML/Jackson to version 2.9.9.3
FasterXML jackson-databind versions 2.x through 2.9.9.1 are vulnerable.
we will use 2.9.9.3 for jackson-databind only
Issue-ID: VID-640
Signed-off-by: Amichai Hemli <amichai.hemli@intl.att.com>
Change-Id: I537cb83ad787522b75fdee59ffabb51def747096
diff --git a/epsdk-app-onap/pom.xml b/epsdk-app-onap/pom.xml
index 5cab377..f9b55f0 100755
--- a/epsdk-app-onap/pom.xml
+++ b/epsdk-app-onap/pom.xml
@@ -26,6 +26,7 @@
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<epsdk.version>2.5.0</epsdk.version>
<jackson.version>2.9.9</jackson.version>
+ <jackson.databind.version>2.9.9.3</jackson.databind.version>
<springframework.version>5.1.9.RELEASE</springframework.version>
<!-- epsdk-core is importing this class, which is only on spring-orm 4 but not in orm 5:
org.springframework.orm.hibernate4.HibernateTransactionManager
@@ -337,7 +338,7 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
- <version>${jackson.version}</version>
+ <version>${jackson.databind.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.module</groupId>