Camunda Optimize / OPT-6450

Move to supported jackson-dataformats-text

    • Task
    • Resolution: Won't Do
    • L3 - Default
    • Fix Version/s: 3.9.0, 3.9.0-alpha4
    • None
    • backend
    • None

      We currently have a dependency on https://github.com/FasterXML/jackson-dataformat-yaml

      However, this is no longer supported and pulls in a dependency of snakeyaml that has a security vulnerability. While we don't believe this vulnerability affects us, we should still migrate to using a library that is being actively supported: https://github.com/FasterXML/jackson-dataformats-text

      If the migration is complex, an acceptable solution for the short term might also be to pin the snakeyaml version used by the existing library to one that does not contain the vulnerability (>=1.31)
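A check that the short-term pin described above took effect, as an added example that is not part of the ticket or the project's code. It assumes a Maven build and parses `mvn dependency:tree` text for any resolved `org.yaml:snakeyaml` below 1.31; the sample trees, the `com.example:app` coordinates and the jackson version shown are constructed.

```python
import re

MIN_SAFE = (1, 31)  # threshold taken from the ticket: snakeyaml >= 1.31

# Constructed samples of `mvn dependency:tree` output (assumed Maven build).
BEFORE_PIN = r"""
[INFO] com.example:app:jar:1.0.0
[INFO] \- com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:jar:2.13.3:compile
[INFO]    \- org.yaml:snakeyaml:jar:1.30:compile
"""
AFTER_PIN = BEFORE_PIN.replace("snakeyaml:jar:1.30", "snakeyaml:jar:1.31")


def version_key(version):
    """Compare numerically: as strings, "1.4" would sort above "1.31"."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def snakeyaml_versions(tree_text):
    """Return every org.yaml:snakeyaml version that appears in the tree."""
    versions = []
    for match in re.finditer(r"org\.yaml:snakeyaml:\S+", tree_text):
        # Maven prints groupId:artifactId:type[:classifier]:version:scope
        parts = match.group(0).split(":")
        if len(parts) >= 5:
            versions.append(parts[-2])
    return versions


def check_pin(tree_text):
    """Return (status, offending_versions) for the >= 1.31 requirement."""
    versions = snakeyaml_versions(tree_text)
    if not versions:
        return ("absent", [])
    bad = sorted({v for v in versions if version_key(v) < MIN_SAFE},
                 key=version_key)
    return ("fail", bad) if bad else ("ok", [])


if __name__ == "__main__":
    for name, tree in (("before pin", BEFORE_PIN), ("after pin", AFTER_PIN)):
        print(name, check_pin(tree))
```

Run against the full module tree rather than a single module, since another dependency path can still resolve an older snakeyaml.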


            Joshua Windels created issue -
            Joshua Windels made changes -
            Link New: This issue is related to SUPPORT-14535 [ SUPPORT-14535 ]
            Joshua Windels made changes -
            Status Original: Triage [ 10612 ] New: Ready [ 10005 ]
            Joshua Windels made changes -
            Resolution New: Won't Do [ 10101 ]
            Status Original: Ready [ 10005 ] New: Done [ 10010 ]
            Joshua Windels made changes -
            Fix Version/s New: 3.9.0-alpha4 [ 17814 ]
            Alexandra Corremans made changes -
            Fix Version/s New: 3.9.0 [ 17691 ]
            Alexandra Corremans made changes -
            Link New: This issue is related to SUPPORT-14784 [ SUPPORT-14784 ]
            Joshua Windels made changes -
            Labels Original: current_release

              Unassigned Unassigned
              joshua.windels Joshua Windels