We are running with Activiti version 6.0.0, and are noticing that security scans reveal security vulnerabilities with the following two transitive dependencies:
- com.fasterxml.jackson.core : jackson-databind : 2.7.5
- org.apache.commons : commons-email : 1.4
In both cases I notice that there are later versions of these libraries available. In the case of jackson-databind, version 2.9.6 ; and in the case of commons-email, version 1.5.
Are there plans to upgrade these dependencies in future releases of activiti?