Jackson-dataformat-cobr 2.10.4 used by elasticsearch-x-content 7.9.x seems to have security issues:
CVE-2020-28491
CVE-2020-25649
Those issue seems to be fixed in later version of Jackson.
Is there an intention to upgrade jackson ? which version and when ?