Project

General

Profile

task #8868

Bump Jackson dependencies to >= 2.9.10.1

Added by Andreas Kohlbecker 8 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Highest
Category:
cdmlib
Target version:
Start date:
02/29/2020
Due date:
% Done:

100%

Severity:
normal

Description

Currently we are using v2.6.5 which has multiple highly severe security issues: https://github.com/cybertaxonomy/cdmlib/network/alert/pom.xml/com.fasterxml.jackson.core:jackson-databind/open

Another reason for upgrading is that in the context of #5083 we need to use iiif-apis which requires Jackson >= 2.9.0.


Related issues

Related to Edit - feature request #4716: Other dependencies to be updated Resolved 11/26/2015 02/01/2016

Associated revisions

Revision cec7510d (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 & ref #5083 bumping jackson to 2.10.2

Revision 029ea231 (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 updating jetty to 9.2.9.v20150224

Revision aea75171 (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 updating jetty to 9.4.26.v20200117

Revision 5c3f2528 (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 managing jetty-version as property from parent pom v=9.4.26.v20200117

Revision 959179bc (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868, ref #8873 fixing build lifecycle for maven 3.6.*

Revision 2174ddff (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 configuring jetty-maven-plugin to support packaging 'eclipse-test-plugin'

Revision 33d62613 (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 upgrading to jetty 9.4.26.v20200117

Revision 088ca9bf (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 adding jetty-http to plugin

Revision add676c0 (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 adding jetty-io to plugin

Revision 0eb94f0f (diff)
Added by Andreas Kohlbecker 8 months ago

ref #8868 adding jetty-security to copy dependencies

History

#1 Updated by Andreas Kohlbecker 8 months ago

IMPORTANT: the newer jackson jars are JEP-238 Jar, therefore it is needed to upgrade all usages of Jetty to 9.4.9 (or newer)

Jetty 9.4.15 works well, whereas I had problems with 9.4.27

#2 Updated by Andreas Kohlbecker 8 months ago

Andreas Kohlbecker wrote:

IMPORTANT: the newer jackson jars are JEP-238 Jar, therefore it is needed to upgrade all usages of Jetty to 9.4.9 (or newer)

Jetty 9.4.15 works well, whereas I had problems with 9.4.27

cdm-server is already upgraded to 9.4.26.v20200117

#3 Updated by Andreas Kohlbecker 8 months ago

The maven-jetty plugins in cdmlib-remote-webapp and in cdm-vaadin are on 9.4.15.v20190215

#4 Updated by Andreas Kohlbecker 8 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 20

#5 Updated by Andreas Kohlbecker 8 months ago

  • Status changed from In Progress to Feedback
  • Assignee changed from Andreas Kohlbecker to Katja Luther
  • % Done changed from 20 to 40

waiting for Katja checking the if the last problem in the taxeditor project is caused by something else:

Eigentlich sollte alles wieder funktionieren, jedoch schlägt der eu.etaxonomy.taxeditor.service.ProgressMonitorServiceTest fehl
wenn man mvn clean install auf dem kompletten Projekt macht. Wenn ich den Test separat ausführe, also mvn integration-test nur auf taxeditor/eu.etaxonomy.taxeditor.test oder aus Eclipse heraus läuft er durch.

Ich bin mir nicht sicher ob das noch was mit meinen Änderungen zu tun hat. Vielleicht könntest du Katja dir das mal ansehen?

#6 Updated by Katja Luther 8 months ago

this seems to be fixed.

#7 Updated by Katja Luther 8 months ago

  • Status changed from Feedback to Closed
  • Assignee changed from Katja Luther to Andreas Kohlbecker
  • % Done changed from 40 to 100

#8 Updated by Andreas Müller 2 months ago

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 40 MB)