Fix jackson cve (#554)

* Upgrade jackson to 2.10.5
opendistro-for-elasticsearch · Jan 30, 2021 · 53e5dd4 · 53e5dd4
1 parent c037e71
commit 53e5dd4
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/build.gradle b/build.gradle
@@ -272,8 +272,8 @@ dependencies {
     compile 'org.bouncycastle:bcpkix-jdk15on:1.68'
     compile 'org.xerial:sqlite-jdbc:3.32.3.2'
     compile 'com.google.guava:guava:28.2-jre'
-    compile 'com.fasterxml.jackson.core:jackson-annotations:2.10.4'
-    compile 'com.fasterxml.jackson.core:jackson-databind:2.10.4'
+    compile 'com.fasterxml.jackson.core:jackson-annotations:2.10.5'
+    compile 'com.fasterxml.jackson.core:jackson-databind:2.10.5.1'
     compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.13.0'
     compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.13.0'
     compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.9'