From 67ca6bf74c0a9eecac0132098173f472257bf5fc Mon Sep 17 00:00:00 2001
From: iosmanthus <dengliming@pingcap.com>
Date: Thu, 7 Apr 2022 18:11:24 +0800
Subject: [PATCH] [close #567] upgrade jackson-databind to 2.13.2.2 to fix
 CVE-2020-36518 (#584)

Signed-off-by: iosmanthus <myosmanthustree@gmail.com>
---
 pom.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6b7014278a4..c6d70eddd69 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,8 +65,8 @@
         <grpc.version>1.38.0</grpc.version>
         <gson.version>2.8.9</gson.version>
         <powermock.version>1.6.6</powermock.version>
-        <jackson.version>2.10.5</jackson.version>
-        <jackson.databind.version>2.10.5.1</jackson.databind.version>
+        <jackson-annotations.version>2.13.2</jackson-annotations.version>
+        <jackson.version>2.13.2.2</jackson.version>
         <trove4j.version>3.0.1</trove4j.version>
         <jetcd.version>0.4.1</jetcd.version>
         <joda-time.version>2.9.9</joda-time.version>
@@ -179,12 +179,12 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
-            <version>${jackson.version}</version>
+            <version>${jackson-annotations.version}</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>${jackson.databind.version}</version>
+            <version>${jackson.version}</version>
         </dependency>
         <dependency>
             <groupId>io.etcd</groupId>