CCD-5160 : Fix CVE-2023-35116 : bumped jackson.version to 2.16.0 (#1452)

* CCD-5160 : Fix CVE-2023-35116 : bumped jackson.version to 2.16.0 * update jackson in commons * Fix suppressions --------- Co-authored-by: ankita-srivastava009 <[email protected]>
hmcts · Apr 8, 2024 · 6e08ef0 · 6e08ef0
1 parent f707e9e
commit 6e08ef0
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/build.gradle b/build.gradle
@@ -37,7 +37,7 @@ ext['elasticsearch.version'] = '7.17.1'
 ext['javax-validation.version'] = '2.0.1.Final'
 ext['hibernate-validator.version'] = '6.0.20.Final'
 ext['spring-security.version'] = '5.7.10'
-ext['jackson.version'] = '2.15.3'
+ext['jackson.version'] = '2.16.0'
 ext['snakeyaml.version'] = '2.0'
 ext['postgresql.version'] = '42.5.1'
 //overriding log4j2 default version 2.7 because of vulnerability issues

diff --git a/commons/build.gradle b/commons/build.gradle
@@ -16,7 +16,7 @@ bootJar {
 }
 
 def versions = [
-        jackson         : '2.14.1'
+        jackson         : '2.16.0'
 ]
 
 dependencies {

diff --git a/dependency-check-suppressions.xml b/dependency-check-suppressions.xml
@@ -3,7 +3,7 @@
     <notes>Temporary Suppression
         CVE-2024-25710 refer [Ticket]
         CVE-2023-35116 refer [Ticket]
-        CVE-2022-45688 refer [Ticket]
+        CVE-2022-45688 refer https://tools.hmcts.net/jira/browse/CCD-4373
         CVE-2023-5072 refer [Ticket]
         CVE-2023-6378 refer [Ticket]
         CVE-2023-34055 refer [Ticket]