今天在Github.com上传代码时,显示
Known high severity security vulnerability detected in com.fasterxml.jackson.core:jackson-databind < 2.8.11.1 defined in pom.xml. pom.xml update suggested: com.fasterxml.jackson.core:jackson-databind ~> 2.8.11.1.翻译成中文:
在com.fasterxml.jackson.core中检测到已知的高严重性安全漏洞: 在pom.xml中定义的jackson-databind <2.8.11.1。 建议使用pom.xml更新:com.fasterxml.jackson.core:jackson-databind~> 2.8.11.1。
故将Jackson的依赖改为2.9.9
<properties> <jackson.version>2.9.9</jackson.version> </properties> <dependencies> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>${jackson.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-annotations</artifactId> <version>${jackson.version}</version> </dependency> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> <version>${jackson.version}</version> </dependency> </dependencies>这样问题便可以解决了,终究还是版本太低造成的。
