SSCS-11169 - upgrade jackson-databind (#1358)

* SSCS-11169 - suppress CVE-2022-42003 until 2023 Jan * SSCS-11169 upgrade jackson-databind * SSCS-11169 - update comment * SSCS 11169 - comment fix
hmcts · Nov 16, 2022 · 20c213d · 20c213d
1 parent c0cf33c
commit 20c213d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 9 deletions.
diff --git a/build.gradle b/build.gradle
@@ -328,8 +328,8 @@ dependencyManagement {
     //CVE-2021-28170
     dependency group: 'org.glassfish', name: 'jakarta.el', version: '4.0.2'
 
-    //CVE-2020-36518, CVE-2022-42003, CVE-2022-42004
-    dependencySet(group: 'com.fasterxml.jackson.core', version: '2.13.4') {
+    //CVE-2020-36518, CVE-2022-42004
+    dependencySet(group: 'com.fasterxml.jackson.core', version: '2.14.0') {
         entry 'jackson-databind'
         entry 'jackson-core'
         entry 'jackson-annotations'

diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -9,11 +9,4 @@
     <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
     <cve>CVE-2016-1000027</cve>
   </suppress>
-  <suppress until = "2022-11-08">
-    <notes><![CDATA[
-   file name: jackson-databind-2.13.4.jar
-   ]]></notes>
-    <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
-    <cve>CVE-2022-42003</cve>
-  </suppress>
 </suppressions>