helix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laurent Boutry (Jira)" <j...@apache.org>
Subject [jira] [Commented] (HELIX-747) Replace org.codehaus.jackson with FasterXML/jackson
Date Fri, 22 Nov 2019 10:22:00 GMT

    [ https://issues.apache.org/jira/browse/HELIX-747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16980041#comment-16980041
] 

Laurent Boutry commented on HELIX-747:
--------------------------------------

+1

Helix relies on an obsolete version of Jackson (jackson-core-asl 1.8.5 + jackson-mapper-asl
1.8.5) which include a lot of critical vulnerabilities.

Could you consider upgrading these dependencies ?

> Replace org.codehaus.jackson with FasterXML/jackson
> ---------------------------------------------------
>
>                 Key: HELIX-747
>                 URL: https://issues.apache.org/jira/browse/HELIX-747
>             Project: Apache Helix
>          Issue Type: Task
>            Reporter: Jiajun Wang
>            Priority: Major
>
> The current json lib Helix uses is out of date. We should consider replacing it with
a well-maintained lib.
> FasterXML/jackson is compatible with the current lib we used. So it could be a good candidate.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message