[
https://issues.apache.org/jira/browse/SOLR-15730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17833080#comment-17833080
]
Jan Høydahl commented on SOLR-15730:
------------------------------------
{quote}SolrJ gained Jackson recently, related to the new v2 API / OpenApi work
:(. Ahh well.
{quote}
That's a pity. Jackson tends to produce lots of CVE warnings in applications.
Is it strictly needed for SolrJ runtime, [~gerlowskija] ? Could it be optional?
Is Jackson picky wrt version compatibility so that users need to sync their own
jackson use with ours, if so should one consider shading it?
We should agree on what SolrJ core should be in Solr 10 and forward, and some
(strict) guidelines for adding dependencies.
> Modularize SolrJ
> ----------------
>
> Key: SOLR-15730
> URL: https://issues.apache.org/jira/browse/SOLR-15730
> Project: Solr
> Issue Type: Task
> Components: SolrJ
> Reporter: Jan Høydahl
> Priority: Major
> Attachments: Skjermbilde 2021-10-28 kl. 15.38.40.png
>
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> Umbrella issue for breaking up SolrJ into a slim solrj-core with minimal
> dependencies as well as solrj-zk, solrj-streaming, solrj-jdbc etc as needed.
> We can move relevant other JIRAs as sub-tasks to this one to keep everything
> together.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
