diff --git a/CHANGELOG.md b/CHANGELOG.md index d9a356c9a1f..565a29e2fd8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ For information on changes in released versions of Teku, see the [releases page] ### Additions and Improvements - Enabled new framework for REST API with better performance and less memory usage. The new framework does not cause any breaking changes, however if needed the old version can be restored with `--Xrest-api-migrated-enabled=false` +- Updated jackson-databind library to version 2.13.4.2 addressing [CVE-2022-42003](https://nvd.nist.gov/vuln/detail/CVE-2022-42003) ### Bug Fixes - Fix issue where /readiness endpoint returned 200 when Execution Client was not available. diff --git a/gradle/versions.gradle b/gradle/versions.gradle index c44f2dc3e55..c88c529d5a2 100644 --- a/gradle/versions.gradle +++ b/gradle/versions.gradle @@ -1,6 +1,6 @@ dependencyManagement { dependencies { - dependency 'com.fasterxml.jackson.core:jackson-databind:2.13.4' + dependency 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2' dependency 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4' dependency 'com.fasterxml.jackson.dataformat:jackson-dataformat-toml:2.13.4' dependency 'com.fasterxml.jackson.module:jackson-module-kotlin:2.13.4'