Skip to content

Commit

Permalink
constraint on jackson-databind because of various vulnerabilities
Browse files Browse the repository at this point in the history
  • Loading branch information
sebastian-peter committed Aug 7, 2023
1 parent abe092b commit c646c71
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,12 @@ repositories {
}

dependencies {
constraints {
implementation( 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2+' ){
because "[CVE-2020-25649] CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
}
}

// ie³ internal repository
implementation('com.github.ie3-institute:PowerSystemUtils:2.0') {
exclude group: 'org.apache.logging.log4j'
Expand Down

0 comments on commit c646c71

Please sign in to comment.