Re: [jackson-user] Backports of CVE-2017-7525

On Wed, Apr 4, 2018 at 6:30 PM, Tatu Saloranta wrote: > This sounds like useful for many users. Thank you for sharing! > You're welcome. Some thoughts > > On 1.x; there is: > > https://github.com/FasterXML/jackson-1 Oh, I didn't realize that. I forked from

Re: [jackson-user] @JsonIgnore doesn't ignore @JsonManagedReference within mixin

Yeap, moving `@JsonManagedReference` to getter makes difference. Thanks. On Thursday, 5 April 2018 06:11:13 UTC+3, Tatu Saloranta wrote: > > Does it work if you add `@JsonIgnore` directly on type? > > I suspect this could be because you are adding mix-in to getter, but >

Re: [jackson-user] @JsonIgnore doesn't ignore @JsonManagedReference within mixin

Does it work if you add `@JsonIgnore` directly on type? I suspect this could be because you are adding mix-in to getter, but `@JsonManagedReference` is added to field. So another thing to checkout would be to try to move one `@ JsonManagedReference` to getter and see if that makes difference. -+

Re: [jackson-user] Backports of CVE-2017-7525

This sounds like useful for many users. Thank you for sharing! Some thoughts On 1.x; there is: https://github.com/FasterXML/jackson-1 from which it would be nice to still release 1.9.14. But as things are, there is no Maven release process into Nexus that works (1.x uses/used Ant, with

[jackson-user] Backports of CVE-2017-7525

TL;DR: I've backported the fixes for CVE-2017-7525 and related issues to select old / archaic versions. This might be useful to someone else, hence this email. Cloudera (my employer) provides supported versions of lots of open source projects. Most of them use jackson in some form. Most of them