task #8868
closedBump Jackson dependencies to >= 2.9.10.1
100%
Description
Currently we are using v2.6.5 which has multiple highly severe security issues: https://github.com/cybertaxonomy/cdmlib/network/alert/pom.xml/com.fasterxml.jackson.core:jackson-databind/open
Another reason for upgrading is that in the context of #5083 we need to use iiif-apis which requires Jackson >= 2.9.0.
Related issues
Updated by Andreas Kohlbecker about 4 years ago
IMPORTANT: the newer jackson jars are JEP-238 Jar, therefore it is needed to upgrade all usages of Jetty to 9.4.9 (or newer)
Jetty 9.4.15 works well, whereas I had problems with 9.4.27
Updated by Andreas Kohlbecker about 4 years ago
Andreas Kohlbecker wrote:
IMPORTANT: the newer jackson jars are JEP-238 Jar, therefore it is needed to upgrade all usages of Jetty to 9.4.9 (or newer)
Jetty 9.4.15 works well, whereas I had problems with 9.4.27
cdm-server is already upgraded to 9.4.26.v20200117
Updated by Andreas Kohlbecker about 4 years ago
The maven-jetty plugins in cdmlib-remote-webapp
and in cdm-vaadin
are on 9.4.15.v20190215
Updated by Andreas Kohlbecker about 4 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 20
Updated by Andreas Kohlbecker about 4 years ago
- Status changed from In Progress to Feedback
- Assignee changed from Andreas Kohlbecker to Katja Luther
- % Done changed from 20 to 40
waiting for Katja checking the if the last problem in the taxeditor project is caused by something else:
Eigentlich sollte alles wieder funktionieren, jedoch schlägt der eu.etaxonomy.taxeditor.service.ProgressMonitorServiceTest
fehl
wenn man mvn clean install
auf dem kompletten Projekt macht. Wenn ich den Test separat ausführe, also mvn integration-test
nur auf taxeditor/eu.etaxonomy.taxeditor.test
oder aus Eclipse heraus läuft er durch.
Ich bin mir nicht sicher ob das noch was mit meinen Änderungen zu tun hat. Vielleicht könntest du Katja dir das mal ansehen?
Updated by Katja Luther about 4 years ago
- Status changed from Feedback to Closed
- Assignee changed from Katja Luther to Andreas Kohlbecker
- % Done changed from 40 to 100
Updated by Andreas Müller over 3 years ago
- Related to feature request #4716: Other dependencies to be updated added