Hello, I've recently ran a dependency check on the camel-jackson 2.21.0 and it appears that the version of jackson being used (2.8.10) has two High/Severe vulnerabilities.
To fix this for camel-jackson we'll need to upgrade as follows: CVE-2017-17485 - Jackson 2.9.3 or greater CVE-2018-7489 - Jackson 2.9.5 or greater I can see that the parent pom on the mainline has been upgraded to 2.9.4 (as part of spring boot 2 migration), so that covers CVE-2017-17485 'for free' More information available here: https://nvd.nist.gov/vuln/detail/CVE-2017-17485 https://nvd.nist.gov/vuln/detail/CVE-2018-7489 Shall I raise a JIRA to address this (possible as two separate tickets to track both issues?) Thanks, David