Hi, We discussed this already in the past. IMHO, we can replace jackson by just sax (no need to use JSON-B regarding our usage).
That sasid, I don't see any huge issue with Jackson: it works fine and we keep the versions up to date to fix CVE. The only interesting move would be to use SAX parsing directly instead of a mapper. Regards JB On Tue, May 16, 2023 at 12:17 PM Jean-Louis Monteiro <jlmonte...@tomitribe.com> wrote: > > Hi all, > > Jackson seems to be frequently affected by CVEs and it's really a pain for > users. > > Looks like Jackson is only used in the WebConsole to read/write a few > attributes. I'm sure we can get rid of it and either use a standard API so > one can plugin any implementation, or just write down a utility class to > parse the small attribute we have to. > > thoughts? > > I'm happy to do a PR to remove it if that's the consensus. > > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com