Skip to content

VULN UPGRADE: minor upgrades — 12 packages (minor: 2 · patch: 10) #3562

Open
campaigner-prod[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/minorpatch/maven/0-1773087737
Open

VULN UPGRADE: minor upgrades — 12 packages (minor: 2 · patch: 10) #3562
campaigner-prod[bot] wants to merge 1 commit intomasterfrom
engraver-auto-version-upgrade/minorpatch/maven/0-1773087737

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Mar 9, 2026

Summary: High-severity security update — 12 packages upgraded (MINOR changes included)

Manifests changed:

  • . (maven)

Updates

Package From To Type Vulnerabilities Fixed
com.fasterxml.jackson.core:jackson-core 2.20.1 2.21.1 minor 1 HIGH
com.fasterxml.jackson.core:jackson-annotations 2.20 2.21 minor -
com.fasterxml.jackson.core:jackson-databind 2.20.1 2.20.2 patch -
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.20.1 2.20.2 patch -
com.github.scribejava:scribejava-core 8.3.1 8.3.3 patch -
jakarta.annotation:jakarta.annotation-api 2.1.0 2.1.1 patch -
org.glassfish.jersey.connectors:jersey-apache-connector 3.0.8 3.0.18 patch -
org.glassfish.jersey.core:jersey-client 3.0.8 3.0.18 patch -
org.glassfish.jersey.inject:jersey-hk2 3.0.8 3.0.18 patch -
org.glassfish.jersey.media:jersey-media-json-jackson 3.0.8 3.0.18 patch -
org.glassfish.jersey.media:jersey-media-multipart 3.0.8 3.0.18 patch -
org.openapitools:jackson-databind-nullable 0.2.3 0.2.9 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

🚨 Critical & High Severity (1 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
com.fasterxml.jackson.core:jackson-core GHSA-72hv-8253-57qq HIGH jackson-core: Number Length Constraint Bypass in Async Parser Leads to Potential DoS Condition 2.20.1 2.18.6
⚠️ Dependencies that have Reached EOL (7)
Dependency Unsafe Version EOL Date New Version Path
com.fasterxml.jackson.core:jackson-annotations 2.20 - 2.21 pom.xml
com.fasterxml.jackson.core:jackson-core 2.20.1 - 2.21.1 pom.xml
com.fasterxml.jackson.core:jackson-databind 2.20.1 - 2.20.2 pom.xml
com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.20.1 - 2.20.2 pom.xml
com.github.scribejava:scribejava-core 8.3.1 - 8.3.3 pom.xml
org.glassfish.jersey.connectors:jersey-apache-connector 3.0.8 - 3.0.18 pom.xml
org.glassfish.jersey.inject:jersey-hk2 3.0.8 - 3.0.18 pom.xml

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod bot marked this pull request as ready for review March 10, 2026 14:24
@campaigner-prod campaigner-prod bot requested review from a team as code owners March 10, 2026 14:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-high-severity adms-java adms-minor-update adms-mode-all-updates campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants