We've just released Dropwizard 1.3.16 with an update to Jackson 2.9.10.20191020 to address CVE-2019-16942, CVE-2019-16943, and CVE-2019-1753.
Thanks to Mark Symons (https://github.com/msymons)!
Release notes: https://github.com/dropwizard/dropwizard/releases/tag/v1.3.16