Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increasing guava version limit #34

Closed
wants to merge 1 commit into from

Conversation

AUTplayed
Copy link

Hi, I ran all tests with guava versions 23 through 25 and they were all green
(except for failing.OptionalUnwrappedTest, which is on purpose? didn't work with v20 either, so it would explain the package name...)

This led me to the conclusion that it's save to increase the guava version limit.

This is important, because there is a security issue on versions 11.0 through 24.1.

Thanks

@cowtowncoder
Copy link
Member

For what it is worth, security advisory is not relevant for Jackson, as far as I can see: problem is related to JDK serialization.
However, I have nothing against increasing range limit per se.

I think I will apply that against 2.10 branch, however; 3.0 is still quite far out.

@cowtowncoder
Copy link
Member

Thank you for suggesting this: I merge this manually to be in 2.10, closing PR itself. WIll be in 2.10.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants