Jackson-dataformat-cobr 2.10.4 used by elasticsearch-x-content 7.9.x seems to have security issues:
CVE-2020-28491
CVE-2020-25649
Those issue seems to be fixed in later version of Jackson.
Is there an intention to upgrade jackson ? which version and when ?
Welcome to our community! 
The best way to get some assistance with this is to check out Free and Open Search: The Creators of Elasticsearch, ELK & Kibana | Elastic
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.