Jackson 2.13.x compatibility #30199
Labels
status: invalid
An issue that we don't feel is valid
Comments
spring-projects-issues
added
the
status: waiting-for-triage
|
I guess this is related to FasterXML/jackson-databind#2816 (comment) From the looks of #28298, it doesn't seem this has introduced breaking changes. I'm not sure creating issues like this one and #29569 really helps. We have a clear upgrade policy and 3rd party project maintainers choose to backport or not fixes. While we can point to obvious incompatibilities between versions, this is just valid for our own build and test suite. What I mean is: even if this comment says that it doesn't look incompatible from our perspective, it may very well break your application if it is using a feature that we don't. The best course of action here is to run your test suite against this version. |
bclozel
added
status: invalid
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
jackson-databind before
2.13.0allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Spring Boot2.5.xbrings in the version2.12.6. Since2.12.xand2.13.xare different major versions, the compatibility issue arises.Therefore, requesting you to clarify if jackson
2.13.xis compatible with Spring Boot2.5.xThe text was updated successfully, but these errors were encountered: