From 207a093d193afa221e721b68da9106f6d26922f7 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Thu, 8 Aug 2019 16:22:30 +0200 Subject: [PATCH 1/3] Bump forgotten self-version numbers --- README | 4 ++-- build.gradle | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README b/README index ba1d733..95a4cb6 100644 --- a/README +++ b/README @@ -19,14 +19,14 @@ Maven: com.yubico u2flib-server-core - 0.19.5 + 0.19.6 Gradle: [source, groovy] repositories{ mavenCentral() } dependencies { - compile 'com.yubico:u2flib-server-core:0.19.5' + compile 'com.yubico:u2flib-server-core:0.19.6' } === Example Usage diff --git a/build.gradle b/build.gradle index 5bb292f..64deb83 100644 --- a/build.gradle +++ b/build.gradle @@ -40,7 +40,7 @@ allprojects { } group = 'com.yubico' - version = '0.19.5' + version = '0.19.6' sourceCompatibility = 1.6 targetCompatibility = 1.6 From fd0db8b0038a2679d23197bb66f3c7c4c3a12db0 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Thu, 8 Aug 2019 16:22:42 +0200 Subject: [PATCH 2/3] Fix jackson dependency version in Gradle config --- u2flib-server-core/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/u2flib-server-core/build.gradle b/u2flib-server-core/build.gradle index 02ee330..a80cc8f 100644 --- a/u2flib-server-core/build.gradle +++ b/u2flib-server-core/build.gradle @@ -5,7 +5,7 @@ dependencies { compile( [group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version:'1.54'], [group: 'com.google.guava', name: 'guava', version:'19.0'], - [group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version:'2.9.9'], + [group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version:'2.9.9.3'], ) } From 65074c3ed6e2b63f0b245a744ae113ac53bd62d6 Mon Sep 17 00:00:00 2001 
From: Emil Lundberg Date: Tue, 8 Oct 2019 12:07:23 +0200 Subject: [PATCH 3/3] Bump Jackson dependency version --- NEWS | 5 +++++ u2flib-server-core/build.gradle | 2 +- u2flib-server-core/pom.xml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index fddaf28..1dc5ca5 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,8 @@ +== Version 0.19.7 (unreleased) == + +* Bumped Jackson dependency to version 2.9.10 which has patched CVE-2019-16335, CVE-2019-14540 + + == Version 0.19.6 == * Bumped Jackson dependency to version 2.9.9.3 which fixes a regression in 2.9.9.2 diff --git a/u2flib-server-core/build.gradle b/u2flib-server-core/build.gradle index a80cc8f..96c92a0 100644 --- a/u2flib-server-core/build.gradle +++ b/u2flib-server-core/build.gradle @@ -5,7 +5,7 @@ dependencies { compile( [group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version:'1.54'], [group: 'com.google.guava', name: 'guava', version:'19.0'], - [group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version:'2.9.9.3'], + [group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version:'2.9.10'], ) } diff --git a/u2flib-server-core/pom.xml b/u2flib-server-core/pom.xml index e98f723..9b17cd8 100755 --- a/u2flib-server-core/pom.xml +++ b/u2flib-server-core/pom.xml @@ -24,7 +24,7 @@ com.fasterxml.jackson.core jackson-databind - 2.9.9.3 + 2.9.10
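Review bot: The jackson-databind pin changed in u2flib-server-core/build.gradle in PATCH 3/3 is a hand-maintained duplicate of the one in u2flib-server-core/pom.xml, and nothing in this series keeps the two in step. PATCH 2/3 appears to exist only because the Gradle pin was still at 2.9.9 while the pom.xml and the 0.19.6 NEWS entry were already at 2.9.9.3. For a bump made to pick up CVE fixes, a missed file means one build path can keep resolving the unpatched version, so consider defining the version in one place, or at least add `// keep in sync with the jackson-databind version in pom.xml` on the changed line and a CI step that compares the two. The `dependencies {` block opens outside the hunk; the bcpkix-jdk15on 1.54 and guava 19.0 pins visible as context are untouched by this series and may be worth checking against current advisories.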