From 77ca08857b8545e996c5ea4ecc9b4c766e3d417f Mon Sep 17 00:00:00 2001
From: Soh Boon Keong
Date: Tue, 7 Jun 2022 15:24:53 +0800
Subject: [PATCH 1/2] update vulnerabilities fixes
---
CHANGELOG.md | 6 ++++++
build.gradle | 8 ++++----
pom.xml | 6 +++---
3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2af2605..48af3d2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@ # Change Log +### V2.1.4 + +- Fixed vulnerability CVE-2021-44832, CWE-400 +- Update to log4j version 2.17.1 +- Update to jackson-databind version 2.12.6 + ### V2.1.3 - Fixed vulnerability CVE-2021-45105
diff --git a/build.gradle b/build.gradle
index 0e748a7..4021e40 100644
--- a/build.gradle
+++ b/build.gradle
@@ -20,9 +20,9 @@ dependencies { //gradle 4.0 compile group: 'commons-lang', name: 'commons-lang', version: '2.4' - compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.0' - compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.0' - compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5.1' + compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.17.1' + compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.17.1' + compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.12.6.1' compile group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1.1' compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.69'
@@ -30,7 +30,7 @@ dependencies { //gradle 6.9 //implementation group: 'commons-lang', name: 'commons-lang', version: '2.4' - //implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.5.1' + //implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.12.6.1' //implementation group: 'com.googlecode.json-simple', name: 'json-simple', version: '1.1.1' //implementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.69' //testImplementation group: 'junit', name: 'junit', version: '4.13.1'
diff --git a/pom.xml b/pom.xml
index efb6135..6dd827b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -80,12 +80,12 @@ org.apache.logging.log4j log4j-api - 2.17.0 + 2.17.1 org.apache.logging.log4j log4j-core - 2.17.0 + 2.17.1 commons-lang
@@ -95,7 +95,7 @@ com.fasterxml.jackson.core jackson-databind - 2.10.5.1 + 2.12.6 com.googlecode.json-simple
From f4fa7b30f92ae2c1ea9230e2253b7349fd7220b1 Mon Sep 17 00:00:00 2001
From: Soh Boon Keong
Date: Tue, 7 Jun 2022 15:28:20 +0800
Subject: [PATCH 2/2] update vulnerabilities fixes
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 6dd827b..44ce0fd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -95,7 +95,7 @@ com.fasterxml.jackson.core jackson-databind - 2.12.6 + 2.12.6.1 com.googlecode.json-simple