constraint on jackson-databind because of various vulnerabilities

ie3-institute · Aug 7, 2023 · c646c71 · c646c71
1 parent abe092b
commit c646c71
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/build.gradle b/build.gradle
@@ -64,6 +64,12 @@ repositories {
 }
 
 dependencies {
+  constraints {
+    implementation( 'com.fasterxml.jackson.core:jackson-databind:2.13.4.2+' ){
+      because "[CVE-2020-25649] CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
+    }
+  }
+
   // ie³ internal repository
   implementation('com.github.ie3-institute:PowerSystemUtils:2.0') {
     exclude group: 'org.apache.logging.log4j'