Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #1737 on 2.7 #1857

Merged
merged 1 commit into from
Dec 12, 2017
Merged

Fix #1737 on 2.7 #1857

merged 1 commit into from
Dec 12, 2017

Conversation

tolbertam
Copy link
Contributor

I maintain a library that depends on jackson-databind 2.7.9.1 as we still want to keep JDK 6 support for a little while longer.

As #1737 fixes CVE 2017-15095 it would be great to apply this on 2.7 as well.

@tolbertam tolbertam changed the title Fix #1737 Fix #1737 on 2.7 Dec 12, 2017
@tolbertam tolbertam mentioned this pull request Dec 12, 2017
Closed
@cowtowncoder
Copy link
Member

Ok, I can do that.

One thing to note, however, is that Jackson 2.8 and 2.9 should still work on JDK 6 even if they can not be compiled on it. At least that is the intent behind dynamic loading of JDK 7 types.

@cowtowncoder cowtowncoder merged commit e865a7a into FasterXML:2.7 Dec 12, 2017
@cowtowncoder cowtowncoder added this to the 2.7.9.2 milestone Dec 12, 2017
@tolbertam
Copy link
Contributor Author

Ok, I can do that.

Thanks! I appreciate it :)

One thing to note, however, is that Jackson 2.8 and 2.9 should still work on JDK 6 even if they can not be compiled on it. At least that is the intent behind dynamic loading of JDK 7 types.

Interesting, I didn't realize that. For some reason I had always thought 2.8 wouldn't work with JDK 6, but if that is the case I should consider upgrading. I'll test it out and give it a try, thanks!

@tolbertam
Copy link
Contributor Author

I just realized that I misread your comment. jackson 2.8/2.9 does work with java 6 as you say, but jackson-databind does not as it is compiled targeting 1.7. If I try using jackson-databind 2.8.10 with java 6 I get an Unsuported major.minor version 5.10 exception:

[ERROR] An error occurred while instantiating class com.datastax.driver.extras.codecs.json.JacksonJsonCodecTest: com/fasterxml/jackson/databind/ObjectMapper : Unsupported major.minor version 51.0
[ERROR] at org.testng.internal.ClassHelper.createInstance1(ClassHelper.java:398)
[ERROR] at org.testng.internal.ClassHelper.createInstance(ClassHelper.java:299)

I'm ok with sticking to 2.7 for a bit, in near future we're planning on requiring JDK 8 in our library and at that time we'll upgrade to the latest and greatest 👍 .

@cowtowncoder
Copy link
Member

Shoot. I thought that it was to be compiled for JDK 6 too... but perhaps JDK 7 and above do not allow that any more. This is unfortunate since then all effort wrt trying to keep compatibility are in vain
(although to be honest it wasn't tons of work).
Although one benefit there, I think, is that it may still help a bit with Android where bytecode is transcode into Dalvik anyway, but ADK is missing some of JDK classes.

@tolbertam tolbertam deleted the 1737-2.7 branch December 13, 2017 22:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.7.9.2
Development

Successfully merging this pull request may close these issues.
2 participants
@tolbertam @cowtowncoder