Skip to content

Commit 6bd77cb

Browse files
UID2-7364: Revert jackson-databind to 2.14.2 to avoid downstream breakage
The 2.19.0 upgrade broke other services consuming this shared jar. CVE-2026-54512 / CVE-2026-54513 are suppressed via .trivyignore until an upstream patch is released. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent f4392a3 commit 6bd77cb

1 file changed

Lines changed: 1 addition & 6 deletions

File tree

pom.xml

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -206,15 +206,10 @@
206206
<artifactId>cbor</artifactId>
207207
<version>0.9</version>
208208
</dependency>
209-
<dependency>
210-
<groupId>com.fasterxml.jackson.core</groupId>
211-
<artifactId>jackson-core</artifactId>
212-
<version>2.19.0</version>
213-
</dependency>
214209
<dependency>
215210
<groupId>com.fasterxml.jackson.core</groupId>
216211
<artifactId>jackson-databind</artifactId>
217-
<version>2.19.0</version>
212+
<version>2.14.2</version>
218213
</dependency>
219214
<dependency>
220215
<groupId>org.projectlombok</groupId>

0 commit comments

Comments
 (0)