Robin Roos
Reputation: 100
SpringBoot: Jackson 2.9.7 -> Jackson 2.9.8+
The Spring Boot 2.1.1 managed version of Jackson is 2.9.7 which is superseded by Jackson 2.9.8. Our build is reporting exploitable vulnerabilities related to the older Jackson version.
If this point change in the managed dependency version cannot be accommodated promptly by Spring, is there a property I can set to force the version bump in my build.gradle?
Upvotes: 0
Views: 436
Answers (1)
Stephane Nicoll
Reputation: 33151
Yes there is and it is even documented:
To customize a managed version you set its corresponding property.
To customize Jackson, you can add the following to your build:
ext['jackson.version'] = '2.9.8'
Jackson 2.9.8 has been upgraded and will be available as of 2.0.8.RELEASE due next week.
Upvotes: 1
Related Questions
- spring boot change jackson dependancy version
- How to configure Jackson in spring boot application without overriding springs default setting in pure java
- Jackson version with Maven in SpringBoot 2.3
- Jackson conversion problem with spring boot version 2.2.3 and above
- Spring Boot 2.0.0.RC1 and com.fasterxml.jackson dependecy
- Spring 4.3.5 and Jackson 2.8.7 are not working properly
- Jackson tries to use all argument constructor since update to 2.8.1
- Jackson with Spring Boot
- Jackson annotations not used with Spring boot
- Jackson version incompatibility?