You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@helix.apache.org by "Laurent Boutry (Jira)" <ji...@apache.org> on 2019/11/22 10:22:00 UTC
[jira] [Commented] (HELIX-747) Replace org.codehaus.jackson with
FasterXML/jackson
[ https://issues.apache.org/jira/browse/HELIX-747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16980041#comment-16980041 ]
Laurent Boutry commented on HELIX-747:
--------------------------------------
+1
Helix relies on an obsolete version of Jackson (jackson-core-asl 1.8.5 + jackson-mapper-asl 1.8.5) which include a lot of critical vulnerabilities.
Could you consider upgrading these dependencies ?
> Replace org.codehaus.jackson with FasterXML/jackson
> ---------------------------------------------------
>
> Key: HELIX-747
> URL: https://issues.apache.org/jira/browse/HELIX-747
> Project: Apache Helix
> Issue Type: Task
> Reporter: Jiajun Wang
> Priority: Major
>
> The current json lib Helix uses is out of date. We should consider replacing it with a well-maintained lib.
> FasterXML/jackson is compatible with the current lib we used. So it could be a good candidate.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)