From 182f5601ff5ef35ce10dba59eb64d441358843d5 Mon Sep 17 00:00:00 2001
From: Lucas Saldanha <lucas.saldanha@consensys.net>
Date: Sat, 22 Oct 2022 22:23:40 +1300
Subject: [PATCH] Upgrade jackson-databind to 2.13.4.2 (#6336)

---
 CHANGELOG.md           | 1 +
 gradle/versions.gradle | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d9a356c9a1f..565a29e2fd8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@ For information on changes in released versions of Teku, see the [releases page]
 
 ### Additions and Improvements
 - Enabled new framework for REST API with better performance and less memory usage. The new framework does not cause any breaking changes, however if needed the old version can be restored with `--Xrest-api-migrated-enabled=false`
+- Updated jackson-databind library to version 2.13.4.2 addressing [CVE-2022-42003](https://nvd.nist.gov/vuln/detail/CVE-2022-42003)
 
 ### Bug Fixes
 - Fix issue where /readiness endpoint returned 200 when Execution Client was not available.
diff --git a/gradle/versions.gradle b/gradle/versions.gradle
index c44f2dc3e55..c88c529d5a2 100644
--- a/gradle/versions.gradle
+++ b/gradle/versions.gradle
@@ -1,6 +1,6 @@
 dependencyManagement {
   dependencies {
-    dependency 'com.fasterxml.jackson.core:jackson-databind:2.13.4'
+    dependency 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2'
     dependency 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.4'
     dependency 'com.fasterxml.jackson.dataformat:jackson-dataformat-toml:2.13.4'
     dependency 'com.fasterxml.jackson.module:jackson-module-kotlin:2.13.4'