From 04188e50c52c925ccfebb52c8b6ea19ef3bfb90c Mon Sep 17 00:00:00 2001
From: Adam Valenta
Date: Mon, 5 Aug 2024 16:20:38 +0200
Subject: [PATCH] GH-16349 - fix sonatype-2024-0171 with jackson-databind upgrade to 2.17.2 (#16350)
---
 h2o-assemblies/main/build.gradle | 3 ++-
 h2o-assemblies/steam/build.gradle | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/h2o-assemblies/main/build.gradle b/h2o-assemblies/main/build.gradle
index e1c421cdd9f8..8e77ba6a1993 100644
--- a/h2o-assemblies/main/build.gradle
+++ b/h2o-assemblies/main/build.gradle
@@ -55,10 +55,11 @@ dependencies {
 api "com.google.protobuf:protobuf-java:3.21.7"
 constraints {
- api('com.fasterxml.jackson.core:jackson-databind:2.16.1') {
+ api('com.fasterxml.jackson.core:jackson-databind:2.17.2') {
 because 'Fixes CVE-2022-42003'
 because 'Fixes PRISMA-2023-0067'
 because 'Fixes CVE-2023-35116'
+ because 'Fixes sonatype-2024-0171'
 }
 api('org.jetbrains.kotlin:kotlin-stdlib:1.6.21') {
 because 'Fixes CVE-2020-29582'
diff --git a/h2o-assemblies/steam/build.gradle b/h2o-assemblies/steam/build.gradle
index 6391acd96609..05dd706e4901 100644
--- a/h2o-assemblies/steam/build.gradle
+++ b/h2o-assemblies/steam/build.gradle
@@ -51,10 +51,11 @@ dependencies {
 api "com.google.oauth-client:google-oauth-client:1.33.3"
 constraints {
- api('com.fasterxml.jackson.core:jackson-databind:2.16.1') {
+ api('com.fasterxml.jackson.core:jackson-databind:2.17.2') {
 because 'Fixes CVE-2022-42003'
 because 'Fixes PRISMA-2023-0067'
 because 'Fixes CVE-2023-35116'
+ because 'Fixes sonatype-2024-0171'
 }
 api('org.codehaus.jettison:jettison:1.5.4') {
 because 'Fixes CVE-2023-1436'
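Review bot: The added `because 'Fixes sonatype-2024-0171'` is the fourth `because` call on the same jackson-databind constraint in h2o-assemblies/main/build.gradle, and as far as I know Gradle keeps a single reason per constraint, so each call replaces the previous one and only the last string would appear in `dependencyInsight` output. If the full advisory list is meant to survive as the recorded rationale for the pin, a single call would carry it: `because 'Fixes CVE-2022-42003, PRISMA-2023-0067, CVE-2023-35116, sonatype-2024-0171'`. The same applies to the identical hunk in h2o-assemblies/steam/build.gradle. The `constraints` block continues past both hunks, so whether jackson-core and jackson-annotations resolve to a matching 2.17.x in each assembly is not visible here and is worth confirming in the resolved dependency graph.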