task #8868
Bump Jackson dependencies to >= 2.9.10.1
100%
Description
Currently we are using v2.6.5 which has multiple highly severe security issues: https://github.com/cybertaxonomy/cdmlib/network/alert/pom.xml/com.fasterxml.jackson.core:jackson-databind/open
Another reason for upgrading is that in the context of #5083 we need to use iiif-apis which requires Jackson >= 2.9.0.
Related issues
Associated revisions
ref #8868 updating jetty to 9.2.9.v20150224
ref #8868 updating jetty to 9.4.26.v20200117
ref #8868 managing jetty-version as property from parent pom v=9.4.26.v20200117
ref #8868 configuring jetty-maven-plugin to support packaging 'eclipse-test-plugin'
ref #8868 upgrading to jetty 9.4.26.v20200117
ref #8868 adding jetty-http to plugin
ref #8868 adding jetty-io to plugin
ref #8868 adding jetty-security to copy dependencies
History
#1 Updated by Andreas Kohlbecker 11 months ago
IMPORTANT: the newer jackson jars are JEP-238 Jar, therefore it is needed to upgrade all usages of Jetty to 9.4.9 (or newer)
Jetty 9.4.15 works well, whereas I had problems with 9.4.27
#2 Updated by Andreas Kohlbecker 11 months ago
Andreas Kohlbecker wrote:
IMPORTANT: the newer jackson jars are JEP-238 Jar, therefore it is needed to upgrade all usages of Jetty to 9.4.9 (or newer)
Jetty 9.4.15 works well, whereas I had problems with 9.4.27
cdm-server is already upgraded to 9.4.26.v20200117
#3 Updated by Andreas Kohlbecker 11 months ago
The maven-jetty plugins in cdmlib-remote-webapp
and in cdm-vaadin
are on 9.4.15.v20190215
#4 Updated by Andreas Kohlbecker 11 months ago
- Status changed from New to In Progress
- % Done changed from 0 to 20
#5 Updated by Andreas Kohlbecker 11 months ago
- Status changed from In Progress to Feedback
- Assignee changed from Andreas Kohlbecker to Katja Luther
- % Done changed from 20 to 40
waiting for Katja checking the if the last problem in the taxeditor project is caused by something else:
Eigentlich sollte alles wieder funktionieren, jedoch schlägt der eu.etaxonomy.taxeditor.service.ProgressMonitorServiceTest
fehl
wenn man mvn clean install
auf dem kompletten Projekt macht. Wenn ich den Test separat ausführe, also mvn integration-test
nur auf taxeditor/eu.etaxonomy.taxeditor.test
oder aus Eclipse heraus läuft er durch.
Ich bin mir nicht sicher ob das noch was mit meinen Änderungen zu tun hat. Vielleicht könntest du Katja dir das mal ansehen?
#6 Updated by Katja Luther 11 months ago
this seems to be fixed.
#7 Updated by Katja Luther 11 months ago
- Status changed from Feedback to Closed
- Assignee changed from Katja Luther to Andreas Kohlbecker
- % Done changed from 40 to 100
#8 Updated by Andreas Müller 5 months ago
- Related to feature request #4716: Other dependencies to be updated added