[NXP-31455] Use jackson bom for jackson dependencies - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Task
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2023.0, 2021.30
Component/s: Code Refactoring (Global)

Release Notes Summary:
Jackson BOM is now imported in the Maven dependency graph.
Release Notes Description:

Hide

Addons declaring jackson artefacts in their dependencies managment section can remove them as the jackson-bom is now imported in the Maven dependency graph of Nuxeo Platform.
This will ease the security upgrade of Jackson artefacts for all Nuxeo artefacts.

Show
Addons declaring jackson artefacts in their dependencies managment section can remove them as the jackson-bom is now imported in the Maven dependency graph of Nuxeo Platform. This will ease the security upgrade of Jackson artefacts for all Nuxeo artefacts.
Tags:
- nxplatform
Team:
PLATFORM
Sprint:
nxplatform #75
Story Points:
1

Description

We would like to use jackson-bom dependencies for our jackson dependencies in order to have all possible jackson artefacts declared in the Maven dependency graph.

Furthermore, the BOM is released with a date based version when a micro-patch is released, like jackson-databind 2.12.7.1 which fixes some CVE, see https://github.com/FasterXML/jackson-bom/blob/jackson-bom-2.12.7.20221012/pom.xml. This will help security upgrades with help of dependabot.

Attachments

Issue Links

is related to

NXP-32064 Upgrade jackson-core to 2.15.0

Open

Activity

People

Assignee:

Kevin Leturc

Reporter:

Kevin Leturc

Participants:

Jenkins, Kevin Leturc

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2022-11-28 09:05

Updated:

2023-11-14 10:52

Resolved:

2022-11-29 08:58