jackson-databind has already been updated from 2.3.4 to 2.9.6 for the Release 0.3.9 milestone, per #375.
The version should be updated (again) to 2.9.8. This would address multiple threats. From the Jackson release notes:
java-client-api may or may not have actual exposure to any of these vulnerabilities... but updating will prevent 3rd party analysers giving alerts.