Upgrade Jackson to 2.13.x #3385

Closed
3 tasks done
barthanssens opened this issue Nov 1, 2021 · 3 comments · Fixed by #4133
Labels: dependencies, enhancement, security

barthanssens commented Nov 1, 2021

Problem description

To keep libraries up to date, check if we could upgrade Jackson dependency from 2.11.x to ~~2.12.x (2.13 is also available, but fairly new)~~ 2.13, since it also fixes a CVE.

Preferred solution

Use a more recent version, e.g. ~~2.12.4~~ 2.13.3

Are you interested in contributing a solution yourself?

Yes

Alternatives you've considered

No response

Anything else?

See release notes on https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13

CQs

  • CQ24135 (PB) jackson-annotations 2.13.3
  • CQ24134 (PB) jackson-core 2.13.3
  • CQ24136 (PB) jackson-databind 2.13.3
barthanssens added the enhancement and dependencies labels Nov 1, 2021
barthanssens added this to the 4.0.0 milestone Nov 1, 2021
barthanssens self-assigned this Nov 1, 2021
hmottestad modified the milestones: 4.0.0, 4.1.0 Apr 22, 2022
hmottestad added and removed the M1 (Fixed in milestone 1) label Jul 2, 2022
hmottestad modified the milestones: 4.1.0, 4.2.0 Jul 31, 2022

barthanssens commented

Somewhat more urgent due to CVE-2020-36518; it is recommended to upgrade to 2.13.0.

barthanssens commented

See also #4125

barthanssens changed the title from "Upgrade Jackson to 2.12.x" to "Upgrade Jackson to 2.13.x" Aug 29, 2022

barthanssens commented

May also affect jsonld-java (and/or other dependencies which include jackson-* artifacts)

barthanssens added the CQ-Pending (requires a CQ to be approved) label Aug 29, 2022
barthanssens modified the milestones: 4.2.0, 4.1.1 Aug 29, 2022
barthanssens removed the CQ-Pending (requires a CQ to be approved) label Aug 29, 2022
barthanssens added a commit to Fedict/rdf4j that referenced this issue Aug 29, 2022
Signed-off-by: Bart Hanssens <bart.hanssens@bosa.fgov.be>
hmottestad added a commit that referenced this issue Aug 31, 2022
hmottestad pushed a commit that referenced this issue Aug 31, 2022