Version 2.9.10.2 of `jackson-databind` now released, on its way to Maven Central. I also released matching `jackson-bom` with version `2.9.10.20200103`.
-+ Tatu +- On Thu, Jan 2, 2020 at 4:51 PM Tatu Saloranta <[email protected]> wrote: > On Thu, Jan 2, 2020 at 4:37 PM Radek Kraus <[email protected]> wrote: > >> Hello, >> is there a plan to release jackson-databind:2.9.10.2? >> Release, which fixed CVE vulnerabilities ( >> https://github.com/FasterXML/jackson-databind/issues/2526) >> >> > Yeah -- I have been waiting to see if there are any other fixes, but might > as well go ahead and release it now, followed soon by 2.10.2. Latter will > hopefully allow others who are stuck with 2.9 to upgrade, and get out of > CVE-update-cycle. > > -+ Tatu +- > > > -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/CAGrxA24qO9S6_rdhF7g8kDeY-yr%3DdEwHTGTwsA8JY3ZoJLe4RQ%40mail.gmail.com.
