Jackson Faster-xml vulnerability.

CVE-2019-14439 Information Disclosure Vulnerability FasterXML Jackson-databind is prone to an information-disclosure vulnerability that occurs due to a polymorphic typing issue. Specifically, this issue occurs when an externally exposed JSON endpoint has default typing enabled and has logback jar in the classpath. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Issue-ID: MUSIC-504 Signed-off-by: Thomas Nelson (arthurdent3) <nelson24@att.com> Signed-off-by: Thomas Nelson (arthurdent3) <nelson24@att.com> Change-Id: I2c31986ff2d792d482f84406e96c47dbf652f32f
author: Thomas Nelson (arthurdent3) <nelson24@att.com> 2019-09-17 09:49:58 -0400
committer: Thomas Nelson (arthurdent3) <nelson24@att.com> 2019-09-17 09:52:53 -0400
commit: 5a742d9e9dce7c3da9ba193d61f0505e7cc57ec5 (patch)
tree: 46f8f560821c1de4082740cdb4bf05b54f0d8a2b /pom.xml
parent: f96ce582847ffde86516d131fd3857023b8ae66a (diff)
1 files changed, 9 insertions, 9 deletions
diff --git a/pom.xml b/pom.xml
index f8ab95a2..11b999ad 100755
--- a/pom.xml
+++ b/pom.xml
@@ -27,7 +27,7 @@
     <groupId>org.onap.music</groupId>
     <artifactId>MUSIC</artifactId>
     <packaging>jar</packaging>
-    <version>3.2.35-SNAPSHOT</version>
+    <version>3.2.36-SNAPSHOT</version>
     <description>
             This is the MUSIC REST interface, packaged as a Springboot jar file.
     </description>
@@ -37,7 +37,7 @@
         <artifactId>oparent</artifactId>
         <version>2.0.0</version>
         <relativePath/>
-    </parent> 
+    </parent>
 
     <dependencyManagement>
         <dependencies>
@@ -338,7 +338,7 @@
             <groupId>com.datastax.cassandra</groupId>
             <artifactId>cassandra-driver-core</artifactId>
             <version>${cassandra.version}</version>
-        </dependency> 
+        </dependency>
         <!-- /Cassandra -->
         <!-- Jersey -->
         <dependency>
@@ -436,22 +436,22 @@
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>
             <artifactId>jackson-datatype-jsr310</artifactId>
-            <version>2.9.8</version>
+            <version>2.9.9</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.9.8</version>
+            <version>2.9.9.2</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>
-            <version>2.9.8</version>
+            <version>2.9.9</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <version>2.9.8</version>
+            <version>2.9.9</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
@@ -654,8 +654,8 @@
                 </plugins>
             </build>
         </profile>
-        <profile> 
-            <id>default</id> 
+        <profile>
+            <id>default</id>
         </profile>
     </profiles>
     <distributionManagement>
author	Thomas Nelson (arthurdent3) <nelson24@att.com>	2019-09-17 09:49:58 -0400
committer	Thomas Nelson (arthurdent3) <nelson24@att.com>	2019-09-17 09:52:53 -0400
commit	5a742d9e9dce7c3da9ba193d61f0505e7cc57ec5 (patch)
tree	46f8f560821c1de4082740cdb4bf05b54f0d8a2b /pom.xml
parent	f96ce582847ffde86516d131fd3857023b8ae66a (diff)