Oracle Corporation utilizes jackson_databind for many products and components; we are using jackson_databind 2.9.9.3 with a Java 7 build target.
We would like to uptake the latest jackson_databind version 2.10.x due to its whitelisting security feature, hopefully cutting down on our numerous (and costly) version uptakes due to CVEs against them. We wanted to assess the risk and effort of migrating to jackson_databind 2.10 for the following points:

1. Can we still use JDK 7 as target for 2.10?
2. Will current implementations using jackson_databind 2.9.9.3 work the way they have been if we replace with jackson_databind 1.10.x? Or is there a risk, which will require us to mandate testing of all components using jackson_databind (which is a big deal)?

Any recommendations on our assessment would help us go forward effectively with the migration (or not).

Thanks
