Logstash how to solve the problem about jackson-databind CVE-2019-12384

logstash how to solve the problem about jackson-databind CVE-2019-12384

my path is:
/usr/local/logstash/logstash-core/lib/jars/jackson-annotations-2.9.5.jar
it is seem the jackson lib version is 2.9.5,
This bug must update the jackson lib to 2.9.9.1
But the lastest logstash's version of jackson lib is 2.9.8,So i don't know how to solve this problem , Anyone can help me ?

Logstash is not vulnerable to this CVE.

We only use Jackson to deserialise JSON strings into a fixed (controlled by us) set of internal or standard Ruby/Java classes and then to serialise these same fixed set of classes into standard JSON.

We will update Jackson and JrJackson in due course.

Thanks .