[
https://issues.apache.org/jira/browse/SOLR-10036?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16455462#comment-16455462
]
Varun Thacker commented on SOLR-10036:
--------------------------------------
Kevin pointed me to
[this|https://nvd.nist.gov/vuln/search/results?adv_search=true&cpe=cpe%3a%2fa%3afasterxml%3ajackson-databind%3a2.5.4]
offline which is a list of CVEs for jackson . So we should upgrade jackson .
On the other hand if we can move it's usage to noggit or something then we
reduce another dependency . I'll start investigating tomorrow
> Revise jackson-core version from 2.5.4 to latest
> ------------------------------------------------
>
> Key: SOLR-10036
> URL: https://issues.apache.org/jira/browse/SOLR-10036
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Shashank Pedamallu
> Assignee: Varun Thacker
> Priority: Major
> Attachments: SOLR-10036.patch
>
>
> The current jackson-core dependency in Solr is not compatible with Amazon AWS
> S3 dependency. AWS S3 requires jackson-core-2.6.6 while Solr uses
> jackson-core-dependency-2.5.4. This is blocking the usage of latest updates
> from S3.
> It would be greatly helpful if someone could revise the jackson-core jar in
> Solr to the latest version. This is a ShowStopper for our Public company.
> Details of my Setup:
> Solr Version: 6.3
> AWS SDK version: 1.11.76
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
