Fix jackson-databind (Java) security issue

PR checklist

• Read the contribution guidelines.
• Ran the shell script under ./bin/ to update Petstore sample so that CIs can verify the change. (For instance, only need to run ./bin/{LANG}-petstore.sh and ./bin/security/{LANG}-petstore.sh if updating the {LANG} (e.g. php, ruby, python, etc) code generator or {LANG} client's mustache templates). Windows batch files can be found in .\bin\windows\.
• Filed the PR against the correct branch: master, 3.4.x, 4.0.x. Default: master.
• Copied the technical committee to review the pull request if your PR is targeting a particular programming language.

Description of the PR

Updated jackson-databind version to 2.8.11.2 to address the issue.

modules/openapi-generator/src/main/resources/Groovy/build.gradle.mustache

@@ -24,8 +24,9 @@ repositories {
 }
 
 ext {
-    swagger_annotations_version = "1.5.8"
-    jackson_version = "2.7.0"
+    swagger_annotations_version = "1.5.21"
+    jackson_version = "2.8.11"
+    jackson_databind_version = "2.8.11.2"
 }
 
 dependencies {
@@ -34,7 +35,7 @@ dependencies {
     compile "com.fasterxml.jackson.core:jackson-core:$jackson_version"
     compile "com.fasterxml.jackson.core:jackson-annotations:$jackson_version"
     compile "com.fasterxml.jackson.core:jackson-databind:$jackson_version"
-    compile "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:$jackson_version"
+    compile "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:$jackson_databind_version"
     compile "com.fasterxml.jackson.datatype:jackson-datatype-joda:2.1.5"
     compile 'org.codehaus.groovy.modules.http-builder:http-builder:0.7.1'
 }

modules/openapi-generator/src/main/resources/Java/libraries/feign/build.gradle.mustache

@@ -119,7 +119,8 @@ if(hasProperty('target') && target == 'android') {
 
 ext {
     swagger_annotations_version = "1.5.21"
-    jackson_version = "2.8.7"
+    jackson_version = "2.8.11"
+    jackson_databind_version = "2.8.11.2"
     {{#threetenbp}}
     threepane_version = "2.6.4"
     {{/threetenbp}}
@@ -137,7 +138,7 @@ dependencies {
     compile "io.github.openfeign.form:feign-form:$feign_form_version"
     compile "com.fasterxml.jackson.core:jackson-core:$jackson_version"
     compile "com.fasterxml.jackson.core:jackson-annotations:$jackson_version"
-    compile "com.fasterxml.jackson.core:jackson-databind:$jackson_version"
+    compile "com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version"
     {{#joda}}
     compile "com.fasterxml.jackson.datatype:jackson-datatype-joda:$jackson_version"
     {{/joda}}

modules/openapi-generator/src/main/resources/Java/libraries/feign/build.sbt.mustache

@@ -14,10 +14,11 @@ lazy val root = (project in file(".")).
       "io.github.openfeign" % "feign-jackson" % "{{#useFeign10}}10.0.1{{/useFeign10}}{{^useFeign10}}9.4.0{{/useFeign10}}" % "compile",
       "io.github.openfeign" % "feign-slf4j" % "{{#useFeign10}}10.0.1{{/useFeign10}}{{^useFeign10}}9.4.0{{/useFeign10}}" % "compile",
       "io.github.openfeign.form" % "feign-form" % "2.1.0" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-core" % "2.8.7" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.8.7" % "compile",
-      "com.fasterxml.jackson.core" % "jackson-databind" % "2.8.7" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-core" % "2.8.11" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-annotations" % "2.8.11" % "compile",
+      "com.fasterxml.jackson.core" % "jackson-databind" % "2.8.11.2" % "compile",
       "com.fasterxml.jackson.datatype" % "jackson-datatype-{{^java8}}joda{{/java8}}{{#java8}}jsr310{{/java8}}" % "2.8.7" % "compile",
+      "com.github.joschi.jackson" % "jackson-datatype-threetenbp" % "2.6.4" % "compile",
       "org.apache.oltu.oauth2" % "org.apache.oltu.oauth2.client" % "1.0.1" % "compile",
       "com.brsanthu" % "migbase64" % "2.2" % "compile",
       "junit" % "junit" % "4.12" % "test",

modules/openapi-generator/src/main/resources/Java/libraries/feign/pom.mustache

@@ -235,7 +235,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>${jackson-version}</version>
+            <version>${jackson-databind-version}</version>
         </dependency>
         {{#withXml}}
 
@@ -302,7 +302,8 @@
         <swagger-annotations-version>1.5.21</swagger-annotations-version>
         <feign-version>{{#useFeign10}}10.0.1{{/useFeign10}}{{^useFeign10}}9.4.0{{/useFeign10}}</feign-version>
         <feign-form-version>2.1.0</feign-form-version>
-        <jackson-version>2.8.9</jackson-version>
+        <jackson-version>2.8.11</jackson-version>
+        <jackson-databind-version>2.8.11.2</jackson-databind-version>
         {{#threetenbp}}
         <jackson-threetenbp-version>2.6.4</jackson-threetenbp-version>
         {{/threetenbp}}

modules/openapi-generator/src/main/resources/Java/libraries/google-api-client/build.gradle.mustache

@@ -119,7 +119,8 @@ if(hasProperty('target') && target == 'android') {
 
 ext {
     swagger_annotations_version = "1.5.21"
-    jackson_version = "2.8.9"
+    jackson_version = "2.8.11"
+    jackson_databind_version = "2.8.11.2"
     google_api_client_version = "1.23.0"
     jersey_common_version = "2.25.1"
     jodatime_version = "2.9.9"
@@ -135,7 +136,7 @@ dependencies {
     compile "org.glassfish.jersey.core:jersey-common:${jersey_common_version}"
     compile "com.fasterxml.jackson.core:jackson-core:$jackson_version"
     compile "com.fasterxml.jackson.core:jackson-annotations:$jackson_version"
-    compile "com.fasterxml.jackson.core:jackson-databind:$jackson_version"
+    compile "com.fasterxml.jackson.core:jackson-databind:$jackson_databind_version"
     compile "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:$jackson_version"
     {{#java8}}
     compile "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:$jackson_version"