Bit of an FYI here - we're just releasing http4k 3.174.0 which contains an upgraded version of Jackson to cover this CVE. You may not be affected, but we recommend that you upgrade anyway: https://nvd.nist.gov/vuln/detail/CVE-2019-14379