task #8868

closed

Bump Jackson dependencies to >= 2.9.10.1

Added by Andreas Kohlbecker almost 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Highest
Category: cdmlib
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Severity: normal

Description

Currently we are using v2.6.5 which has multiple highly severe security issues: https://github.com/cybertaxonomy/cdmlib/network/alert/pom.xml/com.fasterxml.jackson.core:jackson-databind/open

Another reason for upgrading is that in the context of #5083 we need to use iiif-apis which requires Jackson >= 2.9.0.


Related issues

Related to EDIT - feature request #4716: Other dependencies to be updated (Closed, Andreas Müller)

Actions #1

Updated by Andreas Kohlbecker almost 3 years ago

IMPORTANT: the newer Jackson jars are JEP-238 jars, therefore it is necessary to upgrade all usages of Jetty to 9.4.9 (or newer)

Jetty 9.4.15 works well, whereas I had problems with 9.4.27

Actions #2

Updated by Andreas Kohlbecker almost 3 years ago

Andreas Kohlbecker wrote:

IMPORTANT: the newer Jackson jars are JEP-238 jars, therefore it is necessary to upgrade all usages of Jetty to 9.4.9 (or newer)

Jetty 9.4.15 works well, whereas I had problems with 9.4.27

cdm-server is already upgraded to 9.4.26.v20200117

Actions #3

Updated by Andreas Kohlbecker almost 3 years ago

The maven-jetty plugins in cdmlib-remote-webapp and in cdm-vaadin are on 9.4.15.v20190215

Actions #4

Updated by Andreas Kohlbecker almost 3 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 20

Actions #5

Updated by Andreas Kohlbecker almost 3 years ago

  • Status changed from In Progress to Feedback
  • Assignee changed from Andreas Kohlbecker to Katja Luther
  • % Done changed from 20 to 40

Waiting for Katja to check whether the last problem in the taxeditor project is caused by something else:

Everything should actually work again, but eu.etaxonomy.taxeditor.service.ProgressMonitorServiceTest fails when you run mvn clean install on the complete project. When I run the test separately, i.e. mvn integration-test only on taxeditor/eu.etaxonomy.taxeditor.test, or from within Eclipse, it passes.

I am not sure whether this still has anything to do with my changes. Katja, could you perhaps take a look at it?

Actions #6

Updated by Katja Luther almost 3 years ago

This seems to be fixed.

Actions #7

Updated by Katja Luther almost 3 years ago

  • Status changed from Feedback to Closed
  • Assignee changed from Katja Luther to Andreas Kohlbecker
  • % Done changed from 40 to 100

Actions #8

Updated by Andreas Müller over 2 years ago
