[ONGDB-294] Upgrade to Jackson 2.13.3 - GraphFoundation Jira

XML

Word

Printable

Details

Type: Story
Status: Done
Priority: Highest
Resolution: Done
Affects Version/s: 1.0.1
Fix Version/s: 1.0.3
Component/s: None
Labels:
None

Description

Upgrade from Jackson 1.9 to Jackson 2.x to fix high security vulnerability:

Improper Restriction of XML External Entity Reference in jackson-mapper-asl

The following Jackson 1.9 dependencies will need to be replaced with Jackson 2.x equivalents:

<dependency>
    <groupId>org.codehaus.jackson</groupId>
    <artifactId>jackson-core-asl</artifactId>
    <version>1.9.13</version>
</dependency>
<dependency>
    <groupId>org.codehaus.jackson</groupId>
    <artifactId>jackson-jaxrs</artifactId>
    <version>1.9.13</version>
</dependency>
<dependency>
    <groupId>org.codehaus.jackson</groupId>
    <artifactId>jackson-mapper-asl</artifactId>
    <version>1.9.13</version>
</dependency>

The following modules utilize these dependencies:

community/bolt
community/push-to-cloud
community/server

There are 76 matches across 40 files for the Jackson 1.9 import:

import org.codehaus.jackson

Attachments

Activity

People

Assignee:: Amanda Bouman

Reporter:: Brad Nussbaum

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 14/Jun/22 2:51 PM

Updated:: 17/Jun/22 6:27 PM

Resolved:: 16/Jun/22 5:43 PM