On Thu, Oct 24, 2019 at 10:51 AM Ron Karim (Oracle Corp.) <[email protected]> wrote:
>
> Due to security reports, we have to replace the jackson 2.9.9.3 at the
> corporate level.
>
> Should we go for the version jackson_databind 2.10 or the 2.9.10 ? Not sure
> if 2.10 is stable enough. We want to be careful as a lot of products and
> users utilize this library, we want to use the latest due to the security
> issue reported to the older version but stability is critical.

2.10.0 is the latest minor version considered stable (unlike pre-release 2.10.0.pr1 / 2 / 3) and not considered experimental. But being a new minor version there are sometimes small issues from the previous minor version, so corporations may want to wait for the first patch: 2.10.1 should be released within the next 2 weeks or so.

So unless it absolutely has to be done right now, I would consider going to 2.10.1 when it gets released (but starting testing now with 2.10.0). In the meantime there is the 2.9.10 full set with 2.9.10.1 jackson-databind that is a trivial update risk-wise.

Now: the really big thing about 2.10.0 -- and the reason why I think you should start planning for the upgrade -- is that the whole class of vulnerabilities (CVEs) will not be applicable to it any more, unlike for 2.9 and earlier. See:

https://blog.sonatype.com/jackson-databind-the-end-of-the-blacklist

I hope this helps,

-+ Tatu +-

>
> Thanks.
