[ https://issues.apache.org/jira/browse/OOZIE-3172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16346364#comment-16346364 ]
Peter Cseh commented on OOZIE-3172: ----------------------------------- if I see correctly we're only using jackson in the server side and in the Oozie client. In the sharelib we're only using it in tests. We could get away by changing the scope or changing that tests to not do that so we don't use jackson in our sharelibs at all. > Upgrade non-transitive Jackson dependencies from org.codehaus.jackson to > com.fasterxml.jackson > ---------------------------------------------------------------------------------------------- > > Key: OOZIE-3172 > URL: https://issues.apache.org/jira/browse/OOZIE-3172 > Project: Oozie > Issue Type: Improvement > Components: core > Affects Versions: 5.0.0b1 > Reporter: Andras Piros > Assignee: Andras Piros > Priority: Major > Attachments: OOZIE-3172.001.patch, OOZIE-3172.002.patch > > > Jackson 1.9.3 is way too old, and has several security vulnerabilities as > well. Jackson 2.9.2 covers most of these. > Let's switch from {{org.codehaus.jackson}} to {{com.fasterxml.jackson}} in > Oozie's direct (non-transitive) dependencies. -- This message was sent by Atlassian JIRA (v7.6.3#76005)