older JDK
support tells us about a mature development body in this Open Source
initiative...Thanks for the quick responses as well. We will take advantage
of the security-related forum as well.
On Wednesday, January 30, 2019 at 3:19:06 PM UTC-8, Penny Wells wrote:
>
> We use jackson-da
The Jackson component is embedded into an enterprise software of our
company that will not go beyond Java 7 for many years to come.
Can we safely make the assumption that Jackson 2.9.8 will never require
Java version 7 ? We will not use any Java 8-specific features (Lambda
expressions, etc), but
The Jackson component is embedded into an enterprise software of our
company that will not go beyond Java 7 for many years to come.
Can we safely make the assumption that Jackson 2.9.8 will never require
Java version 7 ? We will not use any Java 8-specific features (Lambda
expressions, etc), but
speak hypothetically of course.
>
> Best,
> Laird
>
> On Wed, Jan 30, 2019 at 5:09 PM Tatu Saloranta > wrote:
>
>> On Wed, Jan 30, 2019 at 3:19 PM Penny Wells > > wrote:
>> >
>> > We use jackson-databind 2.9.7 but cannot upgrade to 2.9.8 due to the
out there in my lifetime (and I am relatively
young), and, we own Java too.. go figure.
Penny W.
On Wednesday, January 30, 2019 at 3:19:06 PM UTC-8, Penny Wells wrote:
>
> We use jackson-databind 2.9.7 but cannot upgrade to 2.9.8 due to the
> *CVE-2018-19362.*
> *I do see a bugfix
We use jackson-databind 2.9.7 but cannot upgrade to 2.9.8 due to the
*CVE-2018-19362.*
*I do see a bugfix applied into github for 2.9.8 but can't be sure as the
CVE does not have this information.*
*Can someon confirm for us that this CVE (*
*CVE-2018-19362) is fixed in the latest jackson-databin
