Thanks Johannes. I was going to suggest the same thing about the serialisation being very pluggable.
I'm actually a contributor to Jackson and while there are a steady stream of issues coming in, Jackson is pretty stable. Version 2.15 introduces some limits for security reasons and some users may have issues with the defaults. They are high but some users may require them to be higher. We may need to consider supporting this version and having reference.conf / application.conf support for overriding these limits. That is probably a discussion for another time. 2.15.0 should be released later this month. On Tue 4 Apr 2023, 09:43 Johannes Rudolph, <[email protected]> wrote: > I guess the impact is somewhat contained as it is only the > serialization-jackson module in pekko core that is affected. In that > case, someone could provide an alternative serialization-jackson > module that would depend on an older version of Jackson if that was > ever needed. > > So, +1 from me to go to Jackson 2.14.x. > > On Tue, Apr 4, 2023 at 10:52 AM Johannes Rudolph > <[email protected]> wrote: > > > > As said before I would like to update Jackson to a more reasonable > > version. Going to 2.14 will be the most future proof but we should > > still make sure to understand what happens to code bases that use > > Jackson 2.12 or 2.13. Do we have any idea what it will mean? Do we > > have escape hatches if it does not work out for lots of users? > > > > On Mon, Apr 3, 2023 at 6:53 PM Matthew Benedict de Detrich > > <[email protected]> wrote: > > > > > > Since this has been sitting here for a week for no objections shall we > wait > > > for a couple more days and then merge? > > > > > > On Mon, Mar 27, 2023 at 7:45 PM PJ Fanning <[email protected]> > wrote: > > > > > > > Hi everyone, > > > > > > > > We've hit issues with our Cassandra Driver jar needing a newer > version of > > > > Jackson than we currently use in main Pekko repo. > > > > > > > > So far, most people who've commented on GitHub are supportive of > upgrading > > > > Jackson. The latest v2.14.2 release of jackson-module-scala needs > Scala > > > > upgrade to v3.2.2. See Scala discussion [1]. > > > > > > > > Another benefit to upgrading Jackson is that v2.11.4 has CVEs > associated > > > > with it. > > > > > > > > The Jackson PR is here [2]. > > > > > > > > Does anyone have any objections? > > > > > > > > > > > > [1] https://lists.apache.org/thread/mk88ybzx51k7x7x102drtbzh6l68k0xm > > > > [2] https://github.com/apache/incubator-pekko/pull/273 > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > -- > > > > > > Matthew de Detrich > > > > > > *Aiven Deutschland GmbH* > > > > > > Immanuelkirchstraße 26, 10405 Berlin > > > > > > Amtsgericht Charlottenburg, HRB 209739 B > > > > > > Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen > > > > > > *m:* +491603708037 > > > > > > *w:* aiven.io *e:* [email protected] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
