From 4ae8f6d9c9f381f01be94348d8167bafff886d11 Mon Sep 17 00:00:00 2001
From: Les Hazlewood <121180+lhazlewood@users.noreply.github.com>
Date: Thu, 11 Jul 2019 16:05:52 -0400
Subject: [PATCH] Issue 461: upgraded Jackson version to 2.9.9.1. Fixes #461.
---
CHANGELOG.md | 6 ++++++
pom.xml | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f96310ee..31c9331d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@
This patch release fixes a [memory leak](https://github.com/jwtk/jjwt/issues/392) found in the DEFLATE compression
codec implementation.
+It also updates the Jackson dependency version to [2.9.9.1](https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9#patches)
+to address three security vulnerabilities in Jackson:
+[CVE-2019-12086](https://nvd.nist.gov/vuln/detail/CVE-2019-12086),
+[CVE-2019-12384](https://nvd.nist.gov/vuln/detail/CVE-2019-12384), and
+[CVE-2019-12814](https://nvd.nist.gov/vuln/detail/CVE-2019-12814).
+
### 0.10.6
This patch release updates the jackson-databind version to 2.9.8 to address a critical security vulnerability in that
diff --git a/pom.xml b/pom.xml
index 691f0743..88dc6a7c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -88,7 +88,7 @@
UTF-8
${user.name}-${maven.build.timestamp}
- 2.9.8
+ 2.9.9.1
20180130