Move to supported jackson-dataformats-text

XMLWordPrintable

    • Type: Task
    • Resolution: Won't Do
    • Priority: L3 - Default
    • 3.9.0, 3.9.0-alpha4
    • Affects Version/s: None
    • Component/s: backend
    • None

      We currently have a dependency on https://github.com/FasterXML/jackson-dataformat-yaml

      However, this is no longer supported and pulls in a dependency of snakeyaml that has a security vulnerability. While we don't believe this vulnerability affects us, we should still migrate to using a library that is being actively supported: https://github.com/FasterXML/jackson-dataformats-text

      If the migration is complex, an acceptable solution for the short term might also be to pin the snakeyaml version used by the existing library to one that does not contain the vulnerability (>=1.31)

        This is the controller panel for Smart Panels app

              Assignee:
              Unassigned
              Reporter:
              Joshua Windels
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: