We have updated the jackson-databind library in our Java SDKs due to a recently reported vulnerability. Please generate a new Java SDK from APIMatic to get the fix.
Details
The following vulnerability, detailed in CVE-2019-16335, was reported in version 2.9.9 of the jackson-databind library that we were using:
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
Remediation
The library com.fasterxml.jackson.core:jackson-databind needs to be updated to version 2.9.10. For example:
<dependency>
    <groupId>com.fasterxml.jackson.core</groupId>
    <artifactId>jackson-databind</artifactId>
    <version>[2.9.10,)</version>
</dependency>
You can generate a new Java SDK from APIMatic to receive this fix.
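To confirm that a project's own pom.xml no longer declares an affected version, the check below is an added example (not APIMatic's code). It resolves `${property}` references and Maven version ranges such as `[2.9.10,)`; the sample POM and the helper names `floor_version` and `check_pom` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (2, 9, 10)  # first fixed release named in this advisory
TARGET = ("com.fasterxml.jackson.core", "jackson-databind")

# Constructed sample POM (hypothetical project) that pins the affected 2.9.9.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><jackson.version>2.9.9</jackson.version></properties>
  <dependencies>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>${jackson.version}</version>
    </dependency>
  </dependencies>
</project>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def floor_version(spec, props):
    """Lowest version a Maven <version> spec allows, or None if unknown."""
    spec = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), ""), spec.strip())
    if spec.startswith(("[", "(")):  # range: keep only the lower bound
        spec = spec[1:].split(",")[0].rstrip("])").strip()
    m = re.match(r"\d+(?:\.\d+)*", spec)
    return tuple(int(n) for n in m.group().split(".")) if m else None

def check_pom(pom_text):
    """Return [(declared_spec, is_fixed)] for each jackson-databind entry."""
    root = ET.fromstring(pom_text)
    props = {local(p.tag): (p.text or "").strip()
             for e in root.iter() if local(e.tag) == "properties" for p in e}
    results = []
    for dep in root.iter():
        if local(dep.tag) != "dependency":
            continue
        f = {local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) != TARGET:
            continue
        spec = f.get("version", "")
        floor = floor_version(spec, props)
        # No lower bound or no declared version counts as not verified.
        results.append((spec, floor is not None and floor >= FIXED))
    return results

if __name__ == "__main__":
    for spec, ok in check_pom(SAMPLE_POM):
        print(f"jackson-databind {spec!r}: {'ok' if ok else 'below 2.9.10 or unknown'}")
```

This reads only what the POM declares; versions pulled in transitively or managed by a parent POM appear in the output of `mvn dependency:tree`.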