[OPT-6450] Move to supported jackson-dataformats-text

Type: Task
Resolution: Won't Do
Priority: L3 - Default
Fix Version/s: 3.9.0, 3.9.0-alpha4
Affects Version/s: None
Component/s: backend
Labels:
None

Effort:
Not defined
Epic Link:
Internal Maintenance

We currently have a dependency on https://github.com/FasterXML/jackson-dataformat-yaml

However, this is no longer supported and pulls in a dependency of snakeyaml that has a security vulnerability. While we don't believe this vulnerability affects us, we should still migrate to using a library that is being actively supported: https://github.com/FasterXML/jackson-dataformats-text

If the migration is complex, an acceptable solution for the short term might also be to pin the snakeyaml version used by the existing library to one that does not contain the vulnerability (>=1.31)

This is the controller panel for Smart Panels app

Joshua Windels added a comment - 08/Sep/22 1:55 PM

I misinterpreted to change in library here, we are already pulling in the correct and maintained dependency of jackson dataformats, and the latest version has already patched snakeyaml. Will close this ticket accordingly

Joshua Windels added a comment - 08/Sep/22 1:55 PM I misinterpreted to change in library here, we are already pulling in the correct and maintained dependency of jackson dataformats, and the latest version has already patched snakeyaml. Will close this ticket accordingly

Assignee:: Unassigned

Reporter:: Joshua Windels

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 07/Sep/22 11:46 AM

Updated:: 10/Oct/23 1:55 PM

Resolved:: 08/Sep/22 1:55 PM

Camunda Optimize

Details

Description

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

Collapse comment: Joshua Windels added a comment - 08/Sep/22 1:55 PM

Expand comment: Joshua Windels added a comment - 08/Sep/22 1:55 PM

People

Dates

Salesforce