[Security] Bump jackson-databind from 2.13.4 to 2.14.0

Bumps jackson-databind from 2.13.4 to 2.14.0. This update includes a security fix.

Vulnerabilities fixed

Uncontrolled Resource Consumption in Jackson-databind

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Patched versions: 2.14.0-rc1; 2.13.4.1
Affected versions: < 2.14.0-rc1; < 2.13.4.1

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR:
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
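
As a complement to the version bump, input nesting can be bounded before databind deserializes it whenever UNWRAP_SINGLE_VALUE_ARRAYS is enabled. The following is an added example, not part of this MR or of jackson-databind; the class `NestingGuard`, its methods, the `MAX_DEPTH` value and the sample inputs are assumptions made for illustration.

```java
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class NestingGuard {
    // Assumed limit for this example; pick one that fits your legitimate payloads.
    static final int MAX_DEPTH = 64;

    // Walks the token stream with the streaming parser and stops as soon as
    // array/object nesting goes past the limit.
    static boolean exceedsDepth(JsonFactory factory, byte[] json, int limit) throws IOException {
        int depth = 0;
        try (JsonParser p = factory.createParser(json)) {
            for (JsonToken t = p.nextToken(); t != null; t = p.nextToken()) {
                if (t.isStructStart()) {
                    if (++depth > limit) {
                        return true;
                    }
                } else if (t.isStructEnd()) {
                    depth--;
                }
            }
        }
        return false;
    }

    // Rejects over-nested input before databind sees it, but only when the
    // feature named in the advisory is enabled on this mapper.
    static <T> T readGuarded(ObjectMapper mapper, byte[] json, Class<T> type) throws IOException {
        if (mapper.isEnabled(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS)
                && exceedsDepth(mapper.getFactory(), json, MAX_DEPTH)) {
            throw new IOException("JSON nesting exceeds " + MAX_DEPTH + " levels; input rejected");
        }
        return mapper.readValue(json, type);
    }

    public static void main(String[] args) {
        ObjectMapper mapper = new ObjectMapper().enable(DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS);
        // Constructed sample inputs: one single-value array, one nested 100 levels deep.
        String[] samples = {"[42]", "[".repeat(100) + "1" + "]".repeat(100)};
        for (String s : samples) {
            try {
                System.out.println(readGuarded(mapper, s.getBytes(StandardCharsets.UTF_8), Integer.class));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```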
