[close tikv#567] upgrade jackson-databind to 2.13.2.2 to fix CVE-2020…

…-36518 (tikv#584) (tikv#585) Co-authored-by: iosmanthus <[email protected]> Co-authored-by: iosmanthus <[email protected]>
AmoebaProtozoa · Apr 7, 2022 · d0a3218 · d0a3218
1 parent 1dc906b
commit d0a3218
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/pom.xml b/pom.xml
@@ -65,8 +65,8 @@
         <grpc.version>1.38.0</grpc.version>
         <gson.version>2.8.9</gson.version>
         <powermock.version>1.6.6</powermock.version>
-        <jackson.version>2.10.5</jackson.version>
-        <jackson.databind.version>2.10.5.1</jackson.databind.version>
+        <jackson-annotations.version>2.13.2</jackson-annotations.version>
+        <jackson.version>2.13.2.2</jackson.version>
         <trove4j.version>3.0.1</trove4j.version>
         <jetcd.version>0.4.1</jetcd.version>
         <joda-time.version>2.9.9</joda-time.version>
@@ -179,12 +179,12 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <version>${jackson.version}</version>
+            <version>${jackson-annotations.version}</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>${jackson.databind.version}</version>
+            <version>${jackson.version}</version>
         </dependency>
         <dependency>
             <groupId>io.etcd</groupId>