diff --git a/dropwizard-bom/pom.xml b/dropwizard-bom/pom.xml
index 453475a34ab..8adfe456610 100644
--- a/dropwizard-bom/pom.xml
+++ b/dropwizard-bom/pom.xml
@@ -21,7 +21,7 @@
 ${project.version}
 24.1.1-jre
 2.25.1
- 2.9.6
+ 2.9.8
 9.4.11.v20180605
 3.0.0.v201112011016
 4.0.2
diff --git a/dropwizard-configuration/src/test/java/io/dropwizard/configuration/YamlConfigurationFactoryTest.java b/dropwizard-configuration/src/test/java/io/dropwizard/configuration/YamlConfigurationFactoryTest.java
index e86770776c5..99334325ca6 100644
--- a/dropwizard-configuration/src/test/java/io/dropwizard/configuration/YamlConfigurationFactoryTest.java
+++ b/dropwizard-configuration/src/test/java/io/dropwizard/configuration/YamlConfigurationFactoryTest.java
@@ -30,12 +30,6 @@ public void printsDetailedInformationOnMalformedContent() throws Exception {
 .hasMessageContaining(String.format(
 "%s has an error:%n" +
 " * Malformed YAML at line: 3, column: 22; while parsing a flow sequence\n" +
- " in 'reader', line 2, column 7:\n" +
- " type: [ coder,wizard\n" +
- " ^\n" +
- "expected ',' or ']', but got StreamEnd\n" +
- " in 'reader', line 2, column 21:\n" +
- " wizard\n" +
- " ^", malformedAdvancedFile.getName()));
+ " in 'reader'", malformedAdvancedFile.getName()));
 }
 }
diff --git a/dropwizard-jackson/src/main/java/io/dropwizard/jackson/Jackson.java b/dropwizard-jackson/src/main/java/io/dropwizard/jackson/Jackson.java
index e971834eb4d..7373761ecfd 100644
--- a/dropwizard-jackson/src/main/java/io/dropwizard/jackson/Jackson.java
+++ b/dropwizard-jackson/src/main/java/io/dropwizard/jackson/Jackson.java
@@ -64,7 +64,6 @@ private static ObjectMapper configure(ObjectMapper mapper) {
 mapper.setPropertyNamingStrategy(new AnnotationSensitivePropertyNamingStrategy());
 mapper.setSubtypeResolver(new DiscoverableSubtypeResolver());
- mapper.registerModule(new SafeJavaTimeModule());
 return mapper;
 }
 }
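Review bot: The relaxed assertion on the added `" in 'reader'"` line no longer checks which input line and column the parser blamed, so a regression in location reporting, the very thing `printsDetailedInformationOnMalformedContent` exists to verify, would still pass. If the trimming is needed because the YAML parser's mark formatting changed with the version bumped in the BOM (presumably the Jackson version, 2.9.6 to 2.9.8), keep the part of the old text that is still stable, e.g. `" in 'reader', line 2, column 7:"`, or add a comment stating why only the prefix is asserted. The body of the test method starts outside the hunk.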
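Review bot: Removing `mapper.registerModule(new SafeJavaTimeModule());` leaves no trace in `configure` of why the out-of-range guard for `Duration`/`Instant` decimal values is no longer needed, so a later pin of an older Jackson version would silently bring back the slow `BigDecimal.longValue()` path the deleted deserializers protected against. The updated tests also indicate that the upstream jsr310 module now maps such values to zero instead of throwing, which is a visible behaviour change for callers that relied on the former `IllegalArgumentException`. Add a comment at the removal site, e.g. `// Out-of-range decimal values for java.time types are handled by jackson-datatype-jsr310 since the 2.9.8 upgrade (see JacksonDeserializationOfBigNumbers*Test); do not downgrade below it.`, and mention the zero-coercion in the release notes. `configure` begins outside the hunk.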
diff --git a/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeDurationDeserializer.java b/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeDurationDeserializer.java
deleted file mode 100644
index 27f35190a13..00000000000
--- a/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeDurationDeserializer.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package io.dropwizard.jackson;
-
-import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.core.JsonTokenId;
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.databind.deser.std.StdScalarDeserializer;
-import com.fasterxml.jackson.datatype.jsr310.deser.DurationDeserializer;
-
-import javax.annotation.Nullable;
-import java.io.IOException;
-import java.math.BigDecimal;
-import java.time.Duration;
-
-/**
- * Safe deserializer for `Instant` that rejects big decimal values out of the range of Long.
- * They take forever to deserialize and can be used in a DoS attack.
- */
-class SafeDurationDeserializer extends StdScalarDeserializer {
-
- private static final BigDecimal MAX_DURATION = new BigDecimal(Long.MAX_VALUE);
- private static final BigDecimal MIN_DURATION = new BigDecimal(Long.MIN_VALUE);
-
- SafeDurationDeserializer() {
- super(Duration.class);
- }
-
- @Override
- @Nullable
- public Duration deserialize(JsonParser parser, DeserializationContext context) throws IOException {
- if (parser.getCurrentTokenId() == JsonTokenId.ID_NUMBER_FLOAT) {
- BigDecimal value = parser.getDecimalValue();
- // new BigDecimal("1e1000000000").longValue() takes forever to complete
- if (value.compareTo(MAX_DURATION) > 0 || value.compareTo(MIN_DURATION) < 0) {
- throw new IllegalArgumentException("Value is out of range of Duration");
- }
- }
- return DurationDeserializer.INSTANCE.deserialize(parser, context);
- }
-}
diff --git a/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeInstantDeserializer.java b/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeInstantDeserializer.java
deleted file mode 100644
index db358102303..00000000000
--- a/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeInstantDeserializer.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package io.dropwizard.jackson;
-
-import com.fasterxml.jackson.databind.DeserializationContext;
-import com.fasterxml.jackson.datatype.jsr310.deser.InstantDeserializer;
-
-import javax.annotation.Nullable;
-import java.math.BigDecimal;
-import java.time.Instant;
-import java.time.ZoneId;
-import java.time.format.DateTimeFormatter;
-import java.time.temporal.Temporal;
-import java.time.temporal.TemporalAccessor;
-import java.util.function.BiFunction;
-import java.util.function.Function;
-
-/**
- * Safe deserializer for `Instant` that rejects big decimal values that take forever to deserialize
- * and can be used in a DoS attack.
- */
-class SafeInstantDeserializer extends InstantDeserializer {
-
- private static final BigDecimal MAX_INSTANT = new BigDecimal(Instant.MAX.getEpochSecond() + 1);
- private static final BigDecimal MIN_INSTANT = new BigDecimal(Instant.MIN.getEpochSecond());
-
- SafeInstantDeserializer(Class supportedType,
- DateTimeFormatter formatter,
- Function parsedToValue,
- Function fromMilliseconds,
- Function fromNanoseconds,
- @Nullable BiFunction adjust,
- boolean replaceZeroOffsetAsZ) {
- super(supportedType, formatter, parsedToValue, fromMilliseconds, fromNanoseconds, adjust, replaceZeroOffsetAsZ);
- }
-
- @Override
- protected T _fromDecimal(DeserializationContext context, BigDecimal value) {
- // new BigDecimal("1e1000000000").longValue() takes forever to complete
- if (value.compareTo(MAX_INSTANT) >= 0 || value.compareTo(MIN_INSTANT) < 0) {
- throw new IllegalArgumentException("Value is out of range of Instant");
- }
- return super._fromDecimal(context, value);
- }
-}
diff --git a/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeJavaTimeModule.java b/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeJavaTimeModule.java
deleted file mode 100644
index d6fda7e006e..00000000000
--- a/dropwizard-jackson/src/main/java/io/dropwizard/jackson/SafeJavaTimeModule.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package io.dropwizard.jackson;
-
-import com.fasterxml.jackson.databind.module.SimpleModule;
-import com.fasterxml.jackson.datatype.jsr310.deser.InstantDeserializer;
-import com.fasterxml.jackson.module.paramnames.PackageVersion;
-
-import java.time.Duration;
-import java.time.Instant;
-import java.time.OffsetDateTime;
-import java.time.ZonedDateTime;
-import java.time.format.DateTimeFormatter;
-
-/**
- * Module that provides safe deserializers for Instant and Duration that reject big decimal values
- * outside of their range which are extremely CPU-heavy to parse.
- */
-class SafeJavaTimeModule extends SimpleModule {
-
- private static final InstantDeserializer INSTANT = new SafeInstantDeserializer<>(
- Instant.class, DateTimeFormatter.ISO_INSTANT,
- Instant::from,
- a -> Instant.ofEpochMilli(a.value),
- a -> Instant.ofEpochSecond(a.integer, a.fraction),
- null,
- true
- );
-
- private static final InstantDeserializer OFFSET_DATE_TIME = new SafeInstantDeserializer<>(
- OffsetDateTime.class, DateTimeFormatter.ISO_OFFSET_DATE_TIME,
- OffsetDateTime::from,
- a -> OffsetDateTime.ofInstant(Instant.ofEpochMilli(a.value), a.zoneId),
- a -> OffsetDateTime.ofInstant(Instant.ofEpochSecond(a.integer, a.fraction), a.zoneId),
- (d, z) -> d.withOffsetSameInstant(z.getRules().getOffset(d.toLocalDateTime())),
- true
- );
-
- private static final InstantDeserializer ZONED_DATE_TIME = new SafeInstantDeserializer<>(
- ZonedDateTime.class, DateTimeFormatter.ISO_ZONED_DATE_TIME,
- ZonedDateTime::from,
- a -> ZonedDateTime.ofInstant(Instant.ofEpochMilli(a.value), a.zoneId),
- a -> ZonedDateTime.ofInstant(Instant.ofEpochSecond(a.integer, a.fraction), a.zoneId),
- ZonedDateTime::withZoneSameInstant,
- false
- );
-
- SafeJavaTimeModule() {
- super(PackageVersion.VERSION);
- addDeserializer(Instant.class, INSTANT);
- addDeserializer(OffsetDateTime.class, OFFSET_DATE_TIME);
- addDeserializer(ZonedDateTime.class, ZONED_DATE_TIME);
- addDeserializer(Duration.class, new SafeDurationDeserializer());
- }
-}
diff --git a/dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToDurationTest.java b/dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToDurationTest.java
index 90d493088cc..3fc0df45a85 100644
--- a/dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToDurationTest.java
+++ b/dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToDurationTest.java
@@ -16,10 +16,9 @@ public class JacksonDeserializationOfBigNumbersToDurationTest {
 private final ObjectMapper objectMapper = Jackson.newObjectMapper();
 @Test(timeout = 5000)
- public void testDoesNotAttemptToDeserializeExtremelyBigNumbers() {
- assertThatExceptionOfType(JsonMappingException.class).isThrownBy(
- () -> objectMapper.readValue("{\"id\": 42, \"duration\": 1e1000000000}", Task.class))
- .withMessageStartingWith("Value is out of range of Duration");
+ public void testDoesNotAttemptToDeserializeExtremelyBigNumbers() throws Exception {
+ Task task = objectMapper.readValue("{\"id\": 42, \"duration\": 1e1000000000}", Task.class);
+ assertThat(task.getDuration()).isEqualTo(Duration.ofSeconds(0));
 }
 @Test
diff --git a/dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToInstantTest.java b/dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToInstantTest.java
index 49ea8ff4083..fa59b9d7f0d 100644
--- a/dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToInstantTest.java
+++ b/dropwizard-jackson/src/test/java/io/dropwizard/jackson/JacksonDeserializationOfBigNumbersToInstantTest.java
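Review bot: The new assertion `assertThat(task.getDuration()).isEqualTo(Duration.ofSeconds(0));` pins that `1e1000000000` is silently coerced to a zero duration, which contradicts the method name `testDoesNotAttemptToDeserializeExtremelyBigNumbers` and turns what used to be a rejected input into an accepted value; only the `@Test(timeout = 5000)` still guards the original CPU-exhaustion concern. If zero is the intended upstream result, say so above the assertion, e.g. `// the upstream jsr310 module (since the 2.9.8 upgrade) yields 0 for out-of-range decimals instead of spending unbounded CPU; the timeout is the real check`, and consider a name that says the value is accepted rather than not deserialized. The same point applies to the Instant hunk in JacksonDeserializationOfBigNumbersToInstantTest, which now asserts `Instant.ofEpochMilli(0)`. The imports of `assertThatExceptionOfType` and `JsonMappingException` are probably now unused; they lie outside the hunk.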
@@ -16,10 +16,9 @@ public class JacksonDeserializationOfBigNumbersToInstantTest {
 private final ObjectMapper objectMapper = Jackson.newObjectMapper();
 @Test(timeout = 5000)
- public void testDoesNotAttemptToDeserializeExtremelBigNumbers() {
- assertThatExceptionOfType(JsonMappingException.class).isThrownBy(
- () -> objectMapper.readValue("{\"id\": 42, \"createdAt\": 1e1000000000}", Event.class))
- .withMessageStartingWith("Value is out of range of Instant");
+ public void testDoesNotAttemptToDeserializeExtremelBigNumbers() throws Exception {
+ Event event = objectMapper.readValue("{\"id\": 42, \"createdAt\": 1e1000000000}", Event.class);
+ assertThat(event.getCreatedAt()).isEqualTo(Instant.ofEpochMilli(0));
 }
 @Test
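Review bot: The rewritten signature `public void testDoesNotAttemptToDeserializeExtremelBigNumbers() throws Exception {` keeps the typo `Extremel`; since the line is being replaced anyway, rename it to `testDoesNotAttemptToDeserializeExtremelyBigNumbers` so it matches the sibling Duration test. The rest of the test class continues outside the hunk.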