Fix for Vulnerability in Jackson Databind 2.9.9
|Release Date||Sep 27, 2019|
We have updated the
jackson-databind library in our Java SDKs due to a vulnerability reported recently. Please generate a new Java SDK from APIMatic to get the fix.
The following vulnerability, detailed in CVE-2019-16335, was reported in the version
2.9.9 of the
jackson-databind library that we were using:
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
com.fasterxml.jackson.core:jackson-databind needs to be updated to version
2.9.10. For example:
<dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>[2.9.10,)</version> </dependency>
You can generate a new Java SDK from APIMatic to receive this fix.
Have questions? Submit a request.