Detail
Bugfix
Currently the Jackson FasterXML image library version 2.13.2 is used.
This version contains a security vulnerability:
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
Read more here.
Test
The build task CheckDependencies should not contain an error of the type com.top-logic:tl-parent-all.pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2.2.