From 15eb6adf922ba42e5ee4afedf487ee09bee2d73a Mon Sep 17 00:00:00 2001 From: Pekka Enberg Date: Tue, 14 Jul 2020 10:17:17 +0300 Subject: [PATCH] apiclient: Bump Jackson version to 2.10.4 Jackson 2.9.x has various vulnerabilities that are fixed in 2.10 series: https://github.com/FasterXML/jackson-databind/issues/2700#issuecomment-619590967 Let's update to the latest version of Jackson. This is a similar fix to Github's Dependabot proposal, except we bump the version number across all Jackson components: https://github.com/scylladb/scylla-jmx/pull/116 --- scylla-apiclient/pom.xml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scylla-apiclient/pom.xml b/scylla-apiclient/pom.xml index 69ddc96..19d29d4 100644 --- a/scylla-apiclient/pom.xml +++ b/scylla-apiclient/pom.xml @@ -12,6 +12,7 @@ 1.8 1.8 + 2.10.4 @@ -63,17 +64,17 @@ com.fasterxml.jackson.core jackson-annotations - 2.9.9 + ${jackson.version} com.fasterxml.jackson.core jackson-databind - 2.9.10.4 + ${jackson.version} com.fasterxml.jackson.jaxrs jackson-jaxrs-json-provider - 2.9.9 + ${jackson.version}
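Review bot: In the `@@ -12,6 +12,7 @@` hunk, the new 2.10.4 property only governs dependencies that reference `${jackson.version}` explicitly, which in this patch are jackson-annotations, jackson-databind and jackson-jaxrs-json-provider. Jackson artifacts resolved transitively are not controlled by it (jackson-core, for instance, is not among the visible entries), so confirm with `mvn dependency:tree` that no 2.9.x Jackson jar remains on the classpath, or import `jackson-bom` under `dependencyManagement` so every module is aligned in one place.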
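Review bot: In the `@@ -63,17 +64,17 @@` hunk, jackson-databind gives up its own four-part version (2.9.10.4, while the other two artifacts sat at 2.9.9) for the shared `${jackson.version}`. The removed lines show databind was already on a micro-release the other artifacts did not share, and with a single property a later databind-only release cannot be adopted without pointing the other two dependencies at a version that may not exist for them. Consider a separate `jackson.databind.version` property that defaults to `${jackson.version}` so databind can be bumped on its own.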