[Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities

[asfimport]

please consider upgrading jackson to mitigate its various vulnerabilities in 2.7.1:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson

see also
FasterXML/jackson-databind#1599

Reporter: Matt Darwin / @mattdarwin
Assignee: Matt Darwin / @mattdarwin

_{Note: This issue was originally created as ARROW-1242. Please see the migration documentation for further details.}

[asfimport]

Matt Darwin / @mattdarwin:
I've fixed this in PR 872 - please merge that in.

[asfimport]

Wes McKinney / @wesm:
Issue resolved by pull request 929
#929

[asfimport]

Matt Darwin / @mattdarwin:
Sorry @wesm, there was a bug in my PR and it's not changed the Jackson version. java/pom.xml defines a jackson.version variable, but in java/vector/pom.xml it doesn't use that variable. I've changed it in my branch and have submitted a new PR #957 .

[asfimport]

Wes McKinney / @wesm:
Issue resolved by pull request 957
#957