Skip to content

Jackson Release 2.9.10

Jump to bottom
Tatu Saloranta edited this page Aug 12, 2019 · 19 revisions

Patch version of 2.9, released on May 16th 2019. Likely the last full 2.9.x release.

Following fixes are included (note: this includes fixes that intermediate 2.9.9.x micro-patches had)

Changes, core

Streaming

Databind

  • #2331: JsonMappingException through nested getter with generic wildcard return type
  • #2334: Block one more gadget type (CVE-2019-12384)
  • #2341: Block one more gadget type (CVE-2019-12814)
  • #2374: ObjectMapper. getRegisteredModuleIds() throws NPE if no modules registered
  • #2387: Block one more gadget type (CVE-2019-14379)
  • #2389: Block one more gadget type (CVE-2019-14439)
  • #2410: Block one more gadget type (CVE-2019-14540)
  • #2420: Block one more gadget type (no CVE allocated yet)

Changes, dataformats

XML

  • #336: WRITE_BIGDECIMAL_AS_PLAIN Not Used When Writing Pretty
  • #340: Incompatible woodstox-core and stax2-api dependencies (upgrade to woodstox-core 5.3.0)

Clone this wiki locally