We have Druid single node running on Google kubernetes(GKE), and we use latest Druid version(0.17.0). And some of the jars have appeared in the list of security vulnerable packages.
com.fasterxml.jackson.core_jackson-databind : version 2.4.0 is one among the list.
But Druid 0.17.0 use latest version of jackson databind(2.10.1) in both lib and extension folders. I am unable to find a direct reference to version 2.4.0.
Could I get some guidance on locating version 2.4.0 of com.fasterxml.jackson.core_jackson-databind, anywhere in Druid 0.17.0 version?