From 98794615f346c753a94fa5f63f7cbc67792af4c1 Mon Sep 17 00:00:00 2001
From: Amichai Hemli <amichai.hemli@intl.att.com>
Date: Mon, 16 Sep 2019 10:53:47 +0300
Subject: Upgrade FasterXML/Jackson to version 2.9.9.3

FasterXML jackson-databind versions 2.x through 2.9.9.1 are vulnerable.
we will use 2.9.9.3 for jackson-databind only
Issue-ID: VID-640

Signed-off-by: Amichai Hemli <amichai.hemli@intl.att.com>
Change-Id: I537cb83ad787522b75fdee59ffabb51def747096
---
 vid-ext-services-simulator/pom.xml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'vid-ext-services-simulator')

diff --git a/vid-ext-services-simulator/pom.xml b/vid-ext-services-simulator/pom.xml
index 8cb3c37b8..b3179cf5e 100644
--- a/vid-ext-services-simulator/pom.xml
+++ b/vid-ext-services-simulator/pom.xml
@@ -14,7 +14,8 @@
         <encoding>UTF-8</encoding>
         <springframework.version>5.1.9.RELEASE</springframework.version>
         <hibernate.version>5.3.4.Final</hibernate.version>
-        <jackson.version>2.9.8</jackson.version>
+        <jackson.version>2.9.9</jackson.version>
+        <jackson.databind.version>2.9.9.3</jackson.databind.version>
         <!-- Skip assembling the zip by default -->
         <skipassembly>true</skipassembly>
         <!-- Tests usually require some setup that maven cannot do, so skip. -->
@@ -142,7 +143,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>${jackson.version}</version>
+            <version>${jackson.databind.version}</version>
         </dependency>
         <dependency>
             <groupId>javax.xml.bind</groupId>
-- 
cgit 1.2.3-korg