Skip to content

Commit 2b02de3

Browse files
update jackson-databind (transitive dependency of java-jwt)
1 parent 5455940 commit 2b02de3

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

pom.xml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -71,6 +71,12 @@
7171
<artifactId>java-jwt</artifactId>
7272
<version>${jwt.version}</version>
7373
</dependency>
74+
<dependency>
75+
<!-- fix for CVE-2022-42003, CVE-2022-42004 in java-jwt - can be removed when we update java-jwt: -->
76+
<groupId>com.fasterxml.jackson.core</groupId>
77+
<artifactId>jackson-databind</artifactId>
78+
<version>2.14.0-rc1</version>
79+
</dependency>
7480
<dependency>
7581
<groupId>com.google.dagger</groupId>
7682
<artifactId>dagger</artifactId>

0 commit comments

Comments
 (0)