diff --git a/.trivyignore b/.trivyignore index 95aa9b7d..034ca026 100644 --- a/.trivyignore +++ b/.trivyignore @@ -5,3 +5,8 @@ # jackson-core async parser DoS - not exploitable, services only use synchronous ObjectMapper API # See: UID2-6670 GHSA-72hv-8253-57qq exp:2026-09-01 + +# jackson-databind data-binding vulnerability - no upstream fix released yet (fix targets: 2.18.8, 2.21.4, 3.1.4) +# See: UID2-7364 +CVE-2026-54512 exp:2026-07-25 +CVE-2026-54513 exp:2026-07-25 diff --git a/pom.xml b/pom.xml index 27685223..692a4133 100644 --- a/pom.xml +++ b/pom.xml @@ -206,10 +206,15 @@ cbor 0.9 + + com.fasterxml.jackson.core + jackson-core + 2.19.0 + com.fasterxml.jackson.core jackson-databind - 2.14.2 + 2.19.0 org.projectlombok