Spring Cloud Netflix Vulnerability in Spring dependency 'jackson-mapper-asl 1.9.2'

Our security scanner (Veracode) revealed a vulnerability in jackson-mapper-asl 1.9.2 which is a dependency of org.springframework.cloud:spring-cloud-starter-netflix-turbine:2.2.8.RELEASE (last version).

Please, I want to ask you to update spring-cloud-starter-netflix-turbine library with a secure version of jackson-databind, cause jackson-mapper-asl is deprecated and contains many security flaws as you can see here https://nvd.nist.gov/vuln/detail/CVE-2019-10172

Comment From: OlgaMaciaszek

This dependency does not come from our code but is a dependency of Netflix/Turbine and the issue should be reported and there.