jackson-databind
jackson-databind copied to clipboard
WS-2021-06-16 vulnerability fix downport to 2.11.x
A vulnerability (WS-2021-0616) was discovered and it is fixed in versions 2.12.6 and 2.13.1. However, as we were told (https://github.com/spring-projects/spring-boot/issues/29569#issuecomment-1021997847) these versions are incompatible with Spring Boot 2.4.13. Therefore, requesting you to clarify if the fix will be downported to jackson 2.11.x version
2.11 branch is closed so it is unlikely that new releases would be made. Theoretically it is of course possible to make micro-patches but given very limited time usage this will be a low priority thing.