Friday 25 October 2019

Grails 3-4: resolving gadget vulnerabilities in JSON deserialization

Grails 3 and later depend on Spring Boot 2, which in turn pulls in jackson-databind 2.9.9. That version is vulnerable to several kinds of gadget deserialization attacks, so you might want to upgrade it to the latest version by adding the following to your dependencies block:

// blocks some gadget type vulnerabilities
compile "com.fasterxml.jackson.core:jackson-databind:2.9.10.1"
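Patching jackson-databind on its own can leave jackson-core, jackson-annotations and the datatype/module artifacts that Spring Boot manages at 2.9.9. The build.gradle fragment below is an added example (not from the original post) that pins the whole Jackson family to the 2.9.10 line while keeping databind on the 2.9.10.1 micro release; it assumes a Grails 3/4 application built with the Gradle Groovy DSL.

```groovy
// build.gradle (Grails 3/4 app) -- added example, not from the original post.
// Keeps every Jackson artifact on the same minor line so jackson-databind is not
// patched in isolation while jackson-core/-annotations stay at the 2.9.9 pulled
// in transitively through Spring Boot.
ext {
    jacksonVersion         = '2.9.10'    // jackson-core, -annotations, datatype/module artifacts
    jacksonDatabindVersion = '2.9.10.1'  // databind-only micro release with the gadget blocks
}

configurations.all {
    resolutionStrategy.eachDependency { DependencyResolveDetails details ->
        def req = details.requested
        // Covers com.fasterxml.jackson.core, .datatype and .module groups.
        if (req.group.startsWith('com.fasterxml.jackson')) {
            def wanted = (req.name == 'jackson-databind') ? jacksonDatabindVersion : jacksonVersion
            if (req.version != wanted) {
                // Override whatever version Spring Boot's BOM or a transitive dependency asked for.
                details.useVersion(wanted)
            }
        }
    }
}

dependencies {
    // Direct declaration, as in the post, so the patched databind is an explicit dependency.
    compile "com.fasterxml.jackson.core:jackson-databind:${jacksonDatabindVersion}"
}

// Verify what actually ends up on the classpath after the change:
//   ./gradlew dependencyInsight --dependency jackson-databind --configuration runtimeClasspath
```

The `dependencyInsight` report shows every path by which jackson-databind is requested and the version Gradle finally selected, which is the number to check before considering the upgrade done.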
