A lot of CVEs have gotten fixed in jackson-databind 2.9.10.4, for example, the followings:
* CVE-2019-16942 * CVE-2019-16943 * CVE-2019-17267 * CVE-2019-17531 Currently, we have to suppress these vulnerabilities otherwise our builds would fail. Jackson-Release-2.9 micro patches list page shows the following: "jackson-databind 2.9.10.4 (NOT YET RELEASED)" Could we have any lead about when the jackson-databind 2.9.10.4 is going to get released? Many thanks! -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/53cb845d-fd41-4cd5-b82f-862c233d748b%40googlegroups.com.
