Closed eoliphan closed 5 months ago
The current jackson version has some known issues that are addressed as of the latest releases
Transitive deps shouldn't have issues
SCA scans flag some known issues.
Perform an sca scan
Upgrade jackson
It may be useful to integrate GH actions, maven plugins, etc that automate sca scans
1.12.741
openjdk version "1.8.0_402" OpenJDK Runtime Environment Corretto-8.402.06.1 (build 1.8.0_402-b06) OpenJDK 64-Bit Server VM Corretto-8.402.06.1 (build 25.402-b06, mixed mode)
AWS linux 2
@eoliphan do you have a report of the known issues? Is any issue security-related?
For context, Java SDK v1 cannot upgrade away from jackson databind 2.17.7.x, it can introduce some breaking changes.
Upcoming End-of-Support
Describe the bug
The current jackson version has some known issues that are addressed as of the latest releases
Expected Behavior
Transitive deps shouldn't have issues
Current Behavior
SCA scans flag some known issues.
Reproduction Steps
Perform an sca scan
Possible Solution
Upgrade jackson
Additional Information/Context
It may be useful to integrate GH actions, maven plugins, etc that automate sca scans
AWS Java SDK version used
1.12.741
JDK version used
openjdk version "1.8.0_402" OpenJDK Runtime Environment Corretto-8.402.06.1 (build 1.8.0_402-b06) OpenJDK 64-Bit Server VM Corretto-8.402.06.1 (build 25.402-b06, mixed mode)
Operating System and version
AWS linux 2