From c8edd801e208edc2fc3f786495d66379bf7928f3 Mon Sep 17 00:00:00 2001
From: Mark Symons <mark.symons@weareact.com>
Date: Sun, 15 Sep 2019 15:06:42 +0100
Subject: [PATCH] [JENKINS-59379] Update jackson via BOM import

* Change property name from jackson-databind.version to jackson.version
* Replace jackson modules in dependencyManagement by jackson-bom POM import
* Use version 2.9.9.20190807.  This gives jackson-databind 2.9.9.3 with fixes for four CVE
---
 pom.xml | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/pom.xml b/pom.xml
index 68704676..c26339f1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -62,7 +62,7 @@
     <httpclient.version>4.5.8</httpclient.version>
     <httpcore.version>4.4.11</httpcore.version>
     <httpmime.version>4.5.8</httpmime.version>
-    <jackson-databind.version>2.9.9</jackson-databind.version>
+    <jackson.version>2.9.9.20190807</jackson.version>
   </properties>
 
   <licenses>
@@ -88,20 +88,11 @@
     <dependencies>
       <!-- Marshalling -->
       <dependency>
-        <groupId>com.fasterxml.jackson.core</groupId>
-        <artifactId>jackson-annotations</artifactId>
-        <version>${jackson-databind.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>com.fasterxml.jackson.core</groupId>
-        <artifactId>jackson-core</artifactId>
-        <version>${jackson-databind.version}</version>
-      </dependency>
-
-      <dependency>
-        <groupId>com.fasterxml.jackson.core</groupId>
-        <artifactId>jackson-databind</artifactId>
-        <version>${jackson-databind.version}</version>
+          <groupId>com.fasterxml.jackson</groupId>
+          <artifactId>jackson-bom</artifactId>
+          <version>${jackson.version}</version>
+          <type>pom</type>
+          <scope>import</scope>
       </dependency>
 
       <dependency>