Hi Based on the https://www.cvedetails.com/cve/CVE-2019-17267/, there is a security issue located in the jackson-databind introduced by the Spring-web-starter.
I have submitted the PR[1] to upgrade the dependency and fix the issue. [1] https://github.com/apache/skywalking/pull/4565 Sheng Wu 吴晟 Twitter, wusheng1108
