PRISMA-2021-0213 security vulnerability in jackson-databind-2.11.2.jar library

Hello!

First of all: Search Guard does not use the jackson-databind library in a way that would use the vulnerable functionality of jackson-databind. Thus, Search Guard is not affected by this.

Just updating the library is unfortunately not easily possible, as Elasticsearch itself is providing a quite old version of the jackson-core library. In order to use jackson-databind, Search Guard has to use a version that is compatible with the provided jackson-core. Thus, the available version space is quite limited.

We are right now working on removing jackson-databind altogether. However, that is a larger undertaking that will not be possible for a minor release. We hope that we will finish this for the next major release of Search Guard.