XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184561.html