Does this change remove the woodstox xml parser? There are issues with how that parser functions such that de-serializing TRIX statements may fail. I encountered this before and the discussion about the parser can be found here: https://github.com/FasterXML/woodstox/issues/57
On Fri, Mar 29, 2019 at 10:21 AM Andy Seaborne (JIRA) <[email protected]> wrote: > > [ > https://issues.apache.org/jira/browse/JENA-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > Andy Seaborne resolved JENA-1696. > --------------------------------- > Resolution: Fixed > > > Update jsonld-java and its Jackson dependencies > > ----------------------------------------------- > > > > Key: JENA-1696 > > URL: https://issues.apache.org/jira/browse/JENA-1696 > > Project: Apache Jena > > Issue Type: Task > > Affects Versions: Jena 3.10.0 > > Reporter: Andy Seaborne > > Assignee: Andy Seaborne > > Priority: Major > > Fix For: Jena 3.11.0 > > > > Time Spent: 1h 10m > > Remaining Estimate: 0h > > > > Jackson databind has been a source security CVE issues. > > While jsonld-java does not appear to depend on the attacked feature > (polymorphic binding), the presense of jackson jars with CVEs cause alters > from security scanning tools. > > > > -- > This message was sent by Atlassian JIRA > (v7.6.3#76005) > -- I like: Like Like - The likeliest place on the web <http://like-like.xenei.com> LinkedIn: http://www.linkedin.com/in/claudewarren
