fasterxml jakson dependency update CVE-2018-19361: FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

author: Assad Riaz <assad.riaz@bouvet.no> 2019-02-26 14:18:41 +0100
committer: Assad Riaz <assad.riaz@bouvet.no> 2019-02-26 14:18:41 +0100
commit: 9a85a665687b5b7f8114cfefb631991be82c2952 (patch)
tree: 01d44da6e938ef580aa30c01836c822fc650df36
parent: 64013e13f8ec6aa0ab407323337643d59c43d54a (diff)
download: geojson-jackson-9a85a665687b5b7f8114cfefb631991be82c2952.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/pom.xml b/pom.xml
index 1143eb1..1e7606c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,23 +42,24 @@
 
 	<properties>
 		<java-version>1.6</java-version>
+		<jackson-version>2.9.8</jackson-version>
 	</properties>
 
 	<dependencies>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.9.6</version>
+			<version>${jackson-version}</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.9.6</version>
+			<version>${jackson-version}</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-annotations</artifactId>
-			<version>2.9.6</version>
+			<version>${jackson-version}</version>
 		</dependency>
 		<dependency>
 			<groupId>org.mockito</groupId>
author	Assad Riaz <assad.riaz@bouvet.no>	2019-02-26 14:18:41 +0100
committer	Assad Riaz <assad.riaz@bouvet.no>	2019-02-26 14:18:41 +0100
commit	9a85a665687b5b7f8114cfefb631991be82c2952 (patch)
tree	01d44da6e938ef580aa30c01836c822fc650df36
parent	64013e13f8ec6aa0ab407323337643d59c43d54a (diff)
download	geojson-jackson-9a85a665687b5b7f8114cfefb631991be82c2952.tar.gz