Can you update fasterxml.jackson to 2.14.2 (or later)? #6865
pcreager23 started this conversation in General
-
@pcreager23 We won't update to Jackson 2.14.x in the Dropwizard 2.1.x branch. Even though there are no (known?) breaking changes, we want to avoid bad surprises for our users. This being said, I think you have two ways forward:
-
@joschi, et al,
I know that dropwizard is not in fact affected by the GHSA-mjmj-j48q-9wg2 bug in snakeyaml; however, several scanners still flag dropwizard since it contains the pre-patched version of snakeyaml, by way of Jackson/FasterXML (transitive dependency).
So could you please upgrade fasterxml.jackson to 2.14.2 (or later) to quiet these scanners?
Thank you in advance from those of us in the trenches in Corporate IT!