From 52824744140c1617740627163a38542067185a67 Mon Sep 17 00:00:00 2001
From: petruki <31597636+petruki@users.noreply.github.com>
Date: Thu, 21 May 2026 18:39:40 -0700
Subject: [PATCH] patch: vulnerability introduced through jackson.core
 WS-2026-0003

---
 pom.xml | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 34d31b4..16f092c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,7 +61,7 @@
 		<!-- utils -->
 		<commons-lang3.version>3.20.0</commons-lang3.version>
 		<commons-net.version>3.13.0</commons-net.version>
-		<slf4j-api.version>2.0.17</slf4j-api.version>
+		<slf4j-api.version>2.0.18</slf4j-api.version>
 
 		<!-- test -->
 		<okhttp.version>5.3.2</okhttp.version>
@@ -184,6 +184,27 @@
 		</dependency>
 	</dependencies>
 
+	<dependencyManagement>
+		<dependencies>
+			<!-- Pin jackson.core: patch WS-2026-0003 Transitive Insufficient Information Vulnerability -->
+			<dependency>
+				<groupId>com.fasterxml.jackson.core</groupId>
+				<artifactId>jackson-core</artifactId>
+				<version>2.21.3</version>
+			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.core</groupId>
+				<artifactId>jackson-databind</artifactId>
+				<version>2.21.3</version>
+			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.core</groupId>
+				<artifactId>jackson-annotations</artifactId>
+				<version>2.21</version>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+
 	<profiles>
 		<profile>
 			<id>coverage</id>