From 42e70ed50a3ff04fa15de50ef8f8117722bc8875 Mon Sep 17 00:00:00 2001
From: Mark Lambert
Date: Tue, 1 Nov 2022 16:01:18 -0400
Subject: [PATCH] Upgrade com.fasterxml.jackson.core:jackson-databind:2.13.3 to v2.13.4 (#89)
* Upgrade com.fasterxml.jackson.core:jackson-databind:2.13.3 to v2.13.4.2 to address CVE-2022-42003 and CVE-2022-42004
---
 README.md | 3 +++
 build.gradle | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 44c1a0b..2e4c99a 100644
--- a/README.md
+++ b/README.md
@@ -482,6 +482,9 @@ public static String UriEncode(CharSequence input, boolean encodeSlash) {
 ### Release 1.1.5
+- Update dependencies to address the following security vulnerabilities.
+ * CVE-2022-42003
+ * CVE-2022-42004
 - Add support for multi-classloader environments, such as Apache Flink ([#36](https://github.com/aws/aws-msk-iam-auth/issues/36))
 ### Release 1.1.4
diff --git a/build.gradle b/build.gradle
index ab06c53..c157cf9 100644
--- a/build.gradle
+++ b/build.gradle
@@ -48,7 +48,7 @@ dependencies {
 implementation('software.amazon.awssdk:auth')
 implementation('software.amazon.awssdk:sso')
 implementation('software.amazon.awssdk:sts')
- implementation('com.fasterxml.jackson.core:jackson-databind:2.13.3')
+ implementation('com.fasterxml.jackson.core:jackson-databind:2.13.4.2')
 implementation('org.slf4j:slf4j-api:1.7.25')
 runtimeOnly('software.amazon.awssdk:apache-client')