Fix the critical security issue.

Upgrade jackson-databind to version 2.9.4

Change-Id: Id3104e3ec59b7588c797e0dea231c7d28b0f666d
Issue-ID: MSB-121
Signed-off-by: Lizi <li.zi30@zte.com.cn>

diff --git a/sdclient/pom.xml b/sdclient/pom.xml
index 4d5bc7c..e0d4300 100644 (file)
--- a/sdclient/pom.xml
+++ b/sdclient/pom.xml
@@ -35,7 +35,7 @@
                <dropwizard.version>1.2.2</dropwizard.version>
                <guava.version>23.5-jre</guava.version>
                <jersey.version>2.25.1</jersey.version>
-               <jackson.version>2.8.11</jackson.version>
+               <jackson.version>2.9.4</jackson.version>
                <jetty.version>9.4.8.v20171121</jetty.version>
                <servlet.version>3.0.0.v201112011016</servlet.version>
                <metrics3.version>3.2.5</metrics3.version>
@@ -708,6 +708,11 @@
                                <artifactId>dropwizard-http2</artifactId>
                                <version>${dropwizard.version}</version>
                        </dependency>
+                       <dependency>
+                               <groupId>com.fasterxml.jackson.core</groupId>
+                               <artifactId>jackson-databind</artifactId>
+                               <version>${jackson.version}</version>
+                       </dependency>
                        <!-- <dependency> <groupId>io.swagger</groupId> <artifactId>swagger-jersey2-jaxrs</artifactId> 
                                <version>${swagger.version}</version> <scope>compile</scope> </dependency> -->
                </dependencies>