[orbit-dev] Intent to upgrade Jackson stack from 2.6.2 to 2.8.9 for Phot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[orbit-dev] Intent to upgrade Jackson stack from 2.6.2 to 2.8.9 for Photon

From: Roland Grunberg <rgrunber@xxxxxxxxxx>
Date: Fri, 11 Aug 2017 14:46:17 -0400
Delivered-to: orbit-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/orbit-dev>
List-help: <mailto:orbit-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/orbit-dev>, <mailto:orbit-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/orbit-dev>, <mailto:orbit-dev-request@eclipse.org?subject=unsubscribe>

Due to https://github.com/FasterXML/jackson-databind/issues/1599 and many consumers choosing the option of upgrading to 2.8.9, I think it makes sense to do the same in Orbit. By default, consumers shouldn't be vulnerable unless they enable default typing.

Looking at the bundles themselves, there don't appear to be any new dependencies and it should not require any changes other than to just ensure builds are made to take the newer version.

I've CC'd those that have a Piggy-Back CQ against Orbit's jackson-databind 2.6.2 in the hopes that if there's any known issues with such a change, we'll know about them sooner.

Cheers,

Roland Grunberg

Prev by Date: Re: [orbit-dev] Binary-only distribution of 2 DRMAA bundles via Orbit ; not available from a mvn repo
Next by Date: [orbit-dev] S20170120205402 is gone and Platform-Neon-Maint can not be built anymore
Previous by thread: [orbit-dev] Oxygen.1 Release Preparations
Next by thread: [orbit-dev] S20170120205402 is gone and Platform-Neon-Maint can not be built anymore
Index(es):
- Date
- Thread

Breadcrumbs