From 39f8432fca2f4044a91acbc85b8223c307f84319 Mon Sep 17 00:00:00 2001
From: Jean-Louis Monteiro <jlmonteiro@tomitribe.com>
Date: Fri, 12 Jun 2026 17:02:34 -0700
Subject: [PATCH] chore(deps): bump jackson 2.21.1 -> 2.21.4 (hygiene /
 defense-in-depth)

Latest 2.21 patch on Maven Central. CVE-2026-50193 audited as NOT AFFECTED
on ActiveMQ broker (no caller of InternalNodeMapper / JsonNode.toString /
toPrettyString) -- see docs/security-audits/2026/CVE-2026-50193.md in the
tomitribe/cve repo. This bump is hygiene-only.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a85f69adc59..2a87ac7e0cd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -68,7 +68,7 @@
     <httpclient-version>4.5.14</httpclient-version>
     <httpcore-version>4.4.16</httpcore-version>
     <insight-version>1.2.0.Beta4</insight-version>
-    <jackson-version>2.21.1</jackson-version>
+    <jackson-version>2.21.4</jackson-version>
     <jackson-annotations-version>2.21</jackson-annotations-version>
     <jasypt-version>1.9.3</jasypt-version>
     <jaxb-bundle-version>2.3.2_1</jaxb-bundle-version>