Hi Team,
I excluded jackson-databind in camunda-spin-dataformat-all. but still, identify the vulnerability issues which are identified in jackson-databind. also, I checked the transitive dependency in camunda-spin-dataformat-all, but I can not find jackson-databind dependency usage.
pom snippet as below
as you mentioned, spin-dataformat-all shades jackson-json Thus excluding it has not taken any effect on VA. so, is there any solution to overcome jackson-json valunerability by using the latest spin-dataformat-all