[ 
https://issues.apache.org/jira/browse/TINKERPOP-2401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stephen Mallette reassigned TINKERPOP-2401:
-------------------------------------------

       Assignee: Stephen Mallette
    Description: 
Currently TinkerPop uses version 2.9.10.5, which has known [security 
vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-42991/version_id-353769/Fasterxml-Jackson-databind-2.9.10.html].

As per guidance from Jackson-databind, 2.9.x is a non-active branch. To quote 
from https://github.com/FasterXML/jackson

{quote}2.9: non-active branch from which micro-patch releases (like 2.9.10.5) 
MAY be made for individual components (jackson-databind usually){quote}

Backport 2.11.x from master to 3.4-dev

  was:
Currently TinkerPop uses version 2.9.10.5, which has known [security 
vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-42991/version_id-353769/Fasterxml-Jackson-databind-2.9.10.html].

As per guidance from Jackson-databind, 2.9.x is a non-active branch. To quote 
from https://github.com/FasterXML/jackson

{quote}2.9: non-active branch from which micro-patch releases (like 2.9.10.5) 
MAY be made for individual components (jackson-databind usually){quote}

        Summary: Upgrade Jackson-databind to 2.11.x  (was: Upgrade 
Jackson-databind to 2.10.x)

Couldn't think of a reason not to backport the change from {{master}}. 

> Upgrade Jackson-databind to 2.11.x
> ----------------------------------
>
>                 Key: TINKERPOP-2401
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2401
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: build-release
>    Affects Versions: 3.4.8
>            Reporter: Divij Vaidya
>            Assignee: Stephen Mallette
>            Priority: Major
>
> Currently TinkerPop uses version 2.9.10.5, which has known [security 
> vulnerabilities|https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-42991/version_id-353769/Fasterxml-Jackson-databind-2.9.10.html].
> As per guidance from Jackson-databind, 2.9.x is a non-active branch. To quote 
> from https://github.com/FasterXML/jackson
> {quote}2.9: non-active branch from which micro-patch releases (like 2.9.10.5) 
> MAY be made for individual components (jackson-databind usually){quote}
> Backport 2.11.x from master to 3.4-dev


