Jackson 2.12.6 compatibility with Spring Boot 2.4.13 #29569
Labels
status: declined
A suggestion or change that we don't feel we should currently apply
Comments
spring-projects-issues
added
the
status: waiting-for-triage
|
Spring Boot 2.4.x is out of OSS support so please upgrade at your earliest convenience to a supported version. |
snicoll
added
status: declined
|
I don't think Spring Boot 2.4.x will be binary compatible with Jackson 2.12. You can see the changes made in Spring Boot 2.5.0 (see #24415) to adapt to the Jackson changes. We've made sure that Spring Boot 2.5.x works with previous Jackson versions, but I don't think the other way around can work. Note that Spring Boot 2.4.x is out of OSS support, so this might be a good idea to upgrade anyway. |
|
@bclozel , thank you for the clarification! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A vulnerability (WS-2021-0616) was discovered in jackson library. It is fixed in versions 2.12.6 and 2.13.1.
Spring Boot 2.4.13 comes with jackson 2.11.4. The fixed version seems to be a different major version. Therefore, the compatibility is unclear.
Requesting you to clarify if Spring Boot 2.4.13 is compatible with jackson 2.12.6
The text was updated successfully, but these errors were encountered: