[
https://issues.apache.org/jira/browse/HELIX-747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16980041#comment-16980041
]
Laurent Boutry commented on HELIX-747:
--------------------------------------
+1
Helix relies on an obsolete version of Jackson (jackson-core-asl 1.8.5 +
jackson-mapper-asl 1.8.5) which include a lot of critical vulnerabilities.
Could you consider upgrading these dependencies ?
> Replace org.codehaus.jackson with FasterXML/jackson
> ---------------------------------------------------
>
> Key: HELIX-747
> URL: https://issues.apache.org/jira/browse/HELIX-747
> Project: Apache Helix
> Issue Type: Task
> Reporter: Jiajun Wang
> Priority: Major
>
> The current json lib Helix uses is out of date. We should consider replacing
> it with a well-maintained lib.
> FasterXML/jackson is compatible with the current lib we used. So it could be
> a good candidate.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
