[ 
https://issues.apache.org/jira/browse/STORM-2985?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Arun Mahadevan updated STORM-2985:
----------------------------------
    Description: 
 

We recently upgraded to jackson version 2.9.4. However different versions of 
jackson-annotation dependencies are inherited via transitive dependencies of 
other jars. Its best to keep it in sync.

  was:
Storm 1.x branch uses jackson 2.6.3 which has some known vulnerabilities.

 

Upgrade to the latest jackson version 2.9.4 in 1.x and master branch.

 

 


> Add jackson-annotations to dependency management
> ------------------------------------------------
>
>                 Key: STORM-2985
>                 URL: https://issues.apache.org/jira/browse/STORM-2985
>             Project: Apache Storm
>          Issue Type: Bug
>            Reporter: Arun Mahadevan
>            Assignee: Arun Mahadevan
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.2.2
>
>
>  
> We recently upgraded to jackson version 2.9.4. However different versions of 
> jackson-annotation dependencies are inherited via transitive dependencies of 
> other jars. Its best to keep it in sync.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to