From c646c71bddb914cf68696996efd16525e9f8c39b Mon Sep 17 00:00:00 2001
From: Sebastian Peter
Date: Mon, 7 Aug 2023 17:50:39 +0200
Subject: [PATCH] constraint on jackson-databind because of various vulnerabilities

---
 build.gradle | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/build.gradle b/build.gradle
index b98d4e6a3f..ce7622d024 100644
--- a/build.gradle
+++ b/build.gradle
@@ -64,6 +64,12 @@ repositories {
 }

 dependencies {
+ constraints {
+ implementation( 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2+' ){
+ because "[CVE-2020-25649] CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
+ }
+ }
+
 // ieĀ³ internal repository
 implementation('com.github.ie3-institute:PowerSystemUtils:2.0') {
 exclude group: 'org.apache.logging.log4j'
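Review bot: The version string `2.13.4.2+` in the new `constraints` block is a Gradle prefix (dynamic) selector, not a "2.13.4.2 or later" range: it matches only versions whose string starts with `2.13.4.2`, and as a dynamic version it is re-resolved against the repositories instead of being pinned. A plain `implementation('com.fasterxml.jackson.core:jackson-databind:2.13.4.2')` already acts as a minimum inside a constraint, because conflict resolution still selects a higher version when another dependency requests one. The `because` text names only CVE-2020-25649 while the commit subject says "various vulnerabilities"; it should list the advisories that actually motivate this floor, so a later reader can tell when the constraint is safe to drop. The constraint is attached to `implementation` only, so configurations that do not extend it are presumably not covered; `gradle dependencyInsight --dependency jackson-databind --configuration <name>` would confirm which version each one resolves.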