Re: [jackson-user] Change in handling of enum when moving from 2.6 to 2.7

2016-06-15 Thread Jan Stenberg
We are using the same representation objects both for XML and JSON, hence the `@XmlEnumValue` annotation. Thanks Tatu, a great answer that will help us resolve this issue. '@JsonProperty' seems to be the correct solution and it works as my tests show. Jan On Wednesday, June 15, 2016 at 8:32:2

Re: [jackson-user] CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for

2016-06-15 Thread David Dillard
So they've responded saying: The vulnerability description is provided via CVE data feeds. Please notify the CVE Assignment Team {cve-assign} at {mitre.org} if updates are required. I don't believe the CVE assignment team will take an update from me since I'm not the one that created it

Re: [jackson-user] CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for

2016-06-15 Thread Tatu Saloranta
Good idea -- I thought I saw some other note that mentioned the fix; but perhaps that was in some of Jackson distributions, release notes for 2.7.4 update. And thank you for bringing this up: it's a bit tricky to know what the best way is to reach users. While it is difficult to gauge exact likeliho

Re: [jackson-user] CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for

2016-06-15 Thread David Dillard
Great. Thanks for the info. FYI, I emailed the NVD asking them to update the CVE to include the version it was fixed in since that wasn't included in the CVE. On Wednesday, June 15, 2016 at 2:25:15 PM UTC-4, Tatu Saloranta wrote: > > Yes. It was brought to our attention and fix: > > https://gi

Re: [jackson-user] Dynamic Json - Deserialization

2016-06-15 Thread Tatu Saloranta
There is no current functionality for inferring type from structure or values of JSON Objects. Something like that has been requested, but it is difficult to both think of how to generalize this (is there a declarative way of defining what and how to match?) as well as how to make it work through e

Re: [jackson-user] Change in handling of enum when moving from 2.6 to 2.7

2016-06-15 Thread Tatu Saloranta
Since `XmlEnumValue` is a JAXB annotation, it is used if (and only if) JAXB module is included. `@JsonProperty` is applied through standard `jackson-databind`. Precedence of annotations depends on how `AnnotationIntrospector`s are registered (which has precedence). I assume that you have JAXB modul

Re: [jackson-user] CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for

2016-06-15 Thread Tatu Saloranta
Yes. It was brought to our attention and fix: https://github.com/FasterXML/jackson-dataformat-xml/issues/190 was included in Jackson 2.7.4. Note that users can also resolve the issue by pre-configuring `XMLInputFactory` passed to `XmlMapper` so that external parsed entity resolution is disabled.

[jackson-user] Change in handling of enum when moving from 2.6 to 2.7

2016-06-15 Thread Jan Stenberg
I have an enum in Java as this: @XmlEnum(String.class) public enum BoxTypeEventPart { @XmlEnumValue("EDUCATION") EDUCATIONBOX(), @XmlEnumValue("INSTANCE") INSTANCEBOX(), @XmlEnumValue("SELECTION") SELECTIONBOX() } When I serialize an object containing the enum value BoxTypeEventPart. INSTANCEBO

[jackson-user] CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension

2016-06-15 Thread David Dillard
Has anyone seen CVE-2016-3729 ? Has it already been fixed in the project or does a fix need to be created?

[jackson-user] CVE-2016-3720: XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for

2016-06-15 Thread David Dillard
Does the project know about this vulnerability ? Is a fix coming for it?