-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature Request]: Support Jackson 2.15 #26743
Comments
In jackson-databind, I have found that the following changes are made for the same event. In apache/beam, https://github.com/search?q=repo%3Aapache%2Fbeam+com.fasterxml.jackson.core.JsonFactory&type=code |
In v2.15.1, the default string length was changed from 5M to 20M. If you use jackson version 2.15 or later, it would be better to upgrade to 2.15.1. :-) |
@masahitojp Thanks for the information. iiuc does this means the breaking change of 2.15.0 is (partly) fixed in 2.15.1 ? I also checked tha stacktrace the jackson parser is handled by google-api-client-jackson2 dependency (not directly by Beam). It may require the update from this dependency to support Jackson 2.15. |
As of July 2023, the latest version of google-http-client-jackson2 still uses jackson 2.14.2: https://mvnrepository.com/artifact/com.google.http-client/google-http-client-jackson2/1.43.3 |
Noting that Jackson 2.14.1 has a conflict with SnakeYaml 2.0: spring-projects/spring-boot#34405 SnakeYaml 1.x has a known vulnerability (https://mvnrepository.com/artifact/org.yaml/snakeyaml/1.33), so we need to upgrade Jackson to properly resolve this conflict. Also, Beam Java core recently added a hard dependency to SnakeYaml 2.0: beam/sdks/java/core/build.gradle Line 101 in 611676d
|
cc: @ahmedabu98 since we added the SnakeYaml 2.0 dependency in #30808. |
@Abacn @kennknowles should we consider making this a release blocker ? |
Yes, that could make sense if we currently have a dep conflict that will block important uses. What is the resolution proposal? |
So we can either downgrade SnakeYAML to 1.33 or upgrade Jackson to 2.15. SnakeYAML 1.33 has a a known vulnerability so upgrading Jackson is probably preferable. I'm not sure if we'll run into other conflicts due to other dependencies transitively depending on Jackson 2.14 though. Assigning to @Abacn to comment on the feasibility / best approach on resolving this conflict. |
cc: @liferoad |
There is indeed transient dependency on snakeyaml 1.x, for cassandra-all 3.x used in hadoop-format test. see CASSANDRA-19653 |
For those who upgraded to Jackson 2.15 and see the problem in the Issue description, spring-projects/spring-boot#34709 (comment) may be solution (going to get reproduce on my own) |
What would you like to happen?
Known breaking change
StreamReadConstraints
limit for longest textual value to allow (default: 5M) FasterXML/jackson-core#863causing
Issue Priority
Priority: 2 (default / most feature requests should be filed as P2)
Issue Components
The text was updated successfully, but these errors were encountered: