Hi @cowtowncoder <https://github.com/cowtowncoder>,
Apologies if I'm repeating an old question here. I have a service which is using jackson-databind and I'm aware that in version 2.9.8 the issue regarding CVE vulnerabilities related to jackson-databind and default typing have been somewhat resolved using a blacklisting approach. It now looks like there will be a new fix added to upcoming 2.10 / 3.x release and I was wondering if there is any blog which describes this fix and how its more secure compared to 2.9.8 ? Also If the fix will be included in 2.10, is there a rough estimate as to its release date ? Thanks again for your help. -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to jackson-user+unsubscr...@googlegroups.com. To post to this group, send email to jackson-user@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jackson-user/35caa29a-60c8-4f08-bafd-b4d4f9170298%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
