Skip to content

Jackson Release 2.9.10

Jump to bottom
Tatu Saloranta edited this page Sep 20, 2019 · 19 revisions

Patch version of 2.9, not yet released.

Likely the last full 2.9.x release.

Following fixes are included (note: this includes fixes that intermediate 2.9.9.x micro-patches had)

Changes, core

Streaming

  • #540: UTF8StreamJsonParser: fix byte to int conversion for malformed escapes

Databind

  • #2331: JsonMappingException through nested getter with generic wildcard return type
  • #2334: Block one more gadget type (CVE-2019-12384)
  • #2341: Block one more gadget type (CVE-2019-12814)
  • #2374: ObjectMapper. getRegisteredModuleIds() throws NPE if no modules registered
  • #2387: Block one more gadget type (CVE-2019-14379)
  • #2389: Block one more gadget type (CVE-2019-14439)
  • #2404: FAIL_ON_MISSING_EXTERNAL_TYPE_ID_PROPERTY setting ignored when creator properties are buffered
  • #2410: Block one more gadget type (CVE-2019-14540)
  • #2420: Block one more gadget type (no CVE allocated yet)
  • #2449: Block one more gadget type (CVE-2019-14540)
  • #2460: Block one mode gadget type (ehcache, no CVE allocated yet)
  • #2462: Block two more gadget types (commons-configuration)

Changes, dataformats

XML

  • #336: WRITE_BIGDECIMAL_AS_PLAIN Not Used When Writing Pretty
  • #340: Incompatible woodstox-core and stax2-api dependencies (upgrade to woodstox-core 5.3.0)
Clone this wiki locally