Skip to content

Commit ff327ec

Browse files
AhsanSherazahsansheraz-bonial
AhsanSheraz
and
ahsansheraz-bonial
authored
Upgrade Jackson from 3.0.3 to 3.1.0 to fix CVE-2026-29062 (#1236)
jackson-core 3.0.3 is vulnerable to CVE-2026-29062 (Denial of Service via excessive JSON nesting). Upgrade the version.jackson property to 3.1.0 which includes the fix. This bumps jackson-databind and jackson-dataformat-yaml to 3.1.0 as well. Made-with: Cursor Co-authored-by: ahsan.sheraz <ahsan.sheraz@bonial.com>
1 parent 43cbcf7 commit ff327ec

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@
7373
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
7474

7575
<version.itu>1.14.0</version.itu>
76-
<version.jackson>3.0.3</version.jackson>
76+
<version.jackson>3.1.0</version.jackson>
7777
<version.joni>2.2.6</version.joni>
7878
<version.logback>1.5.22</version.logback>
7979
<version.slf4j>2.0.17</version.slf4j>

0 commit comments

Comments
 (0)