Re: [jira] [Resolved] (JENA-1696) Update jsonld-java and its Jackson dependencies

Andy Seaborne Fri, 29 Mar 2019 07:56:15 -0700

This is about FasterXML-Jackson -- JSON, not XML.

    Andy


On 29/03/2019 13:40, Claude Warren wrote:

Does this change remove the woodstox xml parser?  There are issues with how
that parser functions such that de-serializing TRIX statements may fail.  I
encountered this before and the discussion about the parser can be found
here:
https://github.com/FasterXML/woodstox/issues/57

On Fri, Mar 29, 2019 at 10:21 AM Andy Seaborne (JIRA) <[email protected]>
wrote:


      [
https://issues.apache.org/jira/browse/JENA-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andy Seaborne resolved JENA-1696.
---------------------------------
     Resolution: Fixed

Update jsonld-java and its Jackson dependencies
-----------------------------------------------

                 Key: JENA-1696
                 URL: https://issues.apache.org/jira/browse/JENA-1696
             Project: Apache Jena
          Issue Type: Task
    Affects Versions: Jena 3.10.0
            Reporter: Andy Seaborne
            Assignee: Andy Seaborne
            Priority: Major
             Fix For: Jena 3.11.0

          Time Spent: 1h 10m
  Remaining Estimate: 0h

Jackson databind has been a source security CVE issues.
While jsonld-java does not appear to depend on the attacked feature

(polymorphic binding), the presense of jackson jars with CVEs cause alters
from security scanning tools.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: [jira] [Resolved] (JENA-1696) Update jsonld-java and its Jackson dependencies

Reply via email to