Upgrade Jackson to the next open branch 2.10 #1388
That's 3 branches up, which includes quite a few changes, it'd need to have some wider validation. Is staying on |
Hi,
Thanks for your reply.
Unfortunately, I didn't understand your question.
I had upgraded the Jackson version from 2.9.10 --> 2.12.3 because of some
vulnerability (according to WhiteSource)
Can you please explain yourself?
Thanks and have a nice day,
Amit.
On Mon, May 17, 2021 at 19:59, troshko111 <***@***.***> wrote:
… That's 3 branches up, which includes quite a few changes, it'd need to
have some wider validation. Is staying on 2.9.x viable for you?
Sure, so Jackson has a number of "branches" in development, which differ in behavior (mostly minor but noticeable), see https://github.com/FasterXML/jackson/wiki/Jackson-Releases We're on What I'm saying, the users or even Eureka may not work as expected and we need to double check those changes / compatibilities don't break anything. It may be easier to do one step at a time, and move to Does it make sense? |
Hi there,
Thank you for your explanation. Yes, it makes sense to upgrade to 2.10
instead of 2.13. You're right.
Can you please change it or I'll send a new PR?
Thank you and have a nice day,
Amit.
On Tue, May 18, 2021 at 0:45, troshko111 <***@***.***> wrote:
… Sure, so Jackson has a number of "branches" in development, which differ
in behavior (mostly minor but noticeable), see
https://github.com/FasterXML/jackson/wiki/Jackson-Releases
We're on 2.9 branch which is closed so won't get new vulnerability
patches, meaning we need to move on, agreed. But in your PR you're skipping
through
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.10#changes-compatibility
and https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.11
completely - note the list of changes and incompatibilities.
What I'm saying, the users or even Eureka may not work as expected and we
need to double check those changes / compatibilities don't break anything.
It may be easier to do one step at a time, and move to 2.10 branch
instead (it should have the patches for the current CVEs), and only verify
that branch changes don't break anything, then in the future we can move to
2.11 and so on (until we're current).
Does it make sense?
Keep the PR, feel free to push a new commit. |
Superseded by #1393. |
Done :)
#1395
BR,
Amit.
On Tue, May 18, 2021 at 22:06, troshko111 <***@***.***> wrote:
… Keep the PR, feel free to push a new commit.
No description provided.