Skip to main content

Fix for Vulnerability in Jackson Databind 2.9.9

· One min read

We have updated the jackson-databind library in our Java SDKs due to a vulnerability reported recently. Please generate a new Java SDK from APIMatic to get the fix.


The following vulnerability, detailed in CVE-2019-16335, was reported in the version 2.9.9 of the jackson-databind library that we were using:

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.


The library com.fasterxml.jackson.core:jackson-databind needs to be updated to version 2.9.10. For example:


You can generate a new Java SDK from APIMatic to receive this fix.