[
https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346364#comment-16346364
]
Peter Cseh commented on OOZIE-3172:
-----------------------------------
if I see correctly we're only using jackson in the server side and in the Oozie
client. In the sharelib we're only using it in tests. We could get away by
changing the scope or changing that tests to not do that so we don't use
jackson in our sharelibs at all.
> Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to
> com.fasterxml.jackson
> ----------------------------------------------------------------------------------------------
>
> Key: OOZIE-3172
> URL: https://issues.apache.org/jira/browse/OOZIE-3172
> Project: Oozie
> Issue Type: Improvement
> Components: core
> Affects Versions: 5.0.0b1
> Reporter: Andras Piros
> Assignee: Andras Piros
> Priority: Major
> Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch
>
>
> Jackson 1.9.3 is way too old, and has several security vulnerabilities as
> well. Jackson 2.9.2 covers most of these.
> Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in
> Oozie's direct (non-transitive) dependencies.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
