You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@helix.apache.org by "Laurent Boutry (Jira)" <ji...@apache.org> on 2019/11/22 10:22:00 UTC

[jira] [Commented] (HELIX-747) Replace org.codehaus.jackson with FasterXML/jackson

    [ https://issues.apache.org/jira/browse/HELIX-747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16980041#comment-16980041 ] 

Laurent Boutry commented on HELIX-747:
--------------------------------------

+1

Helix relies on an obsolete version of Jackson (jackson-core-asl 1.8.5 + jackson-mapper-asl 1.8.5) which include a lot of critical vulnerabilities.

Could you consider upgrading these dependencies ?

> Replace org.codehaus.jackson with FasterXML/jackson
> ---------------------------------------------------
>
>                 Key: HELIX-747
>                 URL: https://issues.apache.org/jira/browse/HELIX-747
>             Project: Apache Helix
>          Issue Type: Task
>            Reporter: Jiajun Wang
>            Priority: Major
>
> The current json lib Helix uses is out of date. We should consider replacing it with a well-maintained lib.
> FasterXML/jackson is compatible with the current lib we used. So it could be a good candidate.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)