Ehcache 2.10.10 - jackson-databind 2.11 vulnerability

[Luca Zenobi]

Hi there,

I have seen that there is an unreleased branch 2.10.10 https://github.com/ehcache/ehcache2/tree/release/2.10.10 that is fixing the vulnerability detected in jackson-databind 2.11 and fixed in 2.13.1 https://github.com/FasterXML/jackson-databind/issues/3328 .

May I ask if it is planned that this branch will be publicly available in maven central and when? Is it possible / safe to push in a private artifactory and use it in production code?

Many thanks for your answers,

Luca