Flyway 12.1.0 upgraded Jackson to 3.1.0, but some bundled JDBC driver JARs still include older vulnerable versions of jackson-core, causing our security scans to fail.
Transitive vulnerable versions:
aws-secretsmanager-jdbc-2.0.3-shaded.jar -> jackson-core 2.20.0
databricks-jdbc-3.0.1.jar -> jackson-core 2.18.3
couchbase core-io-3.9.2.jar -> jackson-core 2.19.2
These are the current stable/safe versions of jackson-core (3.1.0, 2.21.1, 2.18.6).
Could you provide a new Flyway release with aligned, secure Jackson dependencies?
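One way to reproduce this kind of finding locally is to look for the Maven `pom.properties` that a bundled jackson-core copy usually leaves inside a driver JAR. The following is an added example, not code from the issue or from Flyway; it assumes the embedded copy kept its `META-INF/maven` metadata, treats the three versions listed above as per-branch minimums, and runs on constructed sample JARs rather than the real files.

```python
import io
import re
import zipfile

# Per-branch minimums taken from the issue text (3.1.0, 2.21.1, 2.18.6).
# Assumption: any version outside these ranges is flagged.
SAFE_RANGES = [((3, 1, 0), (4, 0, 0)), ((2, 21, 1), (3, 0, 0)), ((2, 18, 6), (2, 19, 0))]
POM_SUFFIX = "com.fasterxml.jackson.core/jackson-core/pom.properties"


def parse_version(text):
    """Return (major, minor, patch) from the 'version=' line of pom.properties."""
    m = re.search(r"^version=(\d+)\.(\d+)\.(\d+)", text, re.MULTILINE)
    return tuple(int(g) for g in m.groups()) if m else None


def is_safe(version):
    return any(lo <= version < hi for lo, hi in SAFE_RANGES)


def scan_jar(jar_bytes, name, depth=0):
    """Yield (path, version, safe) per jackson-core copy, following nested JARs."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in jar.namelist():
            if entry.endswith(POM_SUFFIX):
                version = parse_version(jar.read(entry).decode("utf-8", "replace"))
                if version:
                    yield (f"{name}!{entry}", version, is_safe(version))
            elif entry.endswith(".jar") and depth < 3:
                yield from scan_jar(jar.read(entry), f"{name}!{entry}", depth + 1)


def make_jar(version, prefix="META-INF/maven/"):
    """Build a constructed sample JAR holding only a jackson-core pom.properties."""
    body = f"groupId=com.fasterxml.jackson.core\nartifactId=jackson-core\nversion={version}\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(prefix + POM_SUFFIX, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples named after the JARs in the issue; not the real files.
    samples = [("aws-secretsmanager-jdbc-2.0.3-shaded.jar", "2.20.0"),
               ("databricks-jdbc-3.0.1.jar", "2.18.3"),
               ("core-io-3.9.2.jar", "2.19.2"),
               ("fixed-example.jar", "2.21.1")]
    for jar_name, ver in samples:
        for path, version, safe in scan_jar(make_jar(ver), jar_name):
            print("OK  " if safe else "FLAG", ".".join(map(str, version)), path)
```

A shaded JAR that strips `META-INF/maven` or relocates the Jackson packages will not be reported by this check, so an empty result is not proof that no copy is bundled.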