jackson has a security vulnerability to upgrade but autoType has been disabled from version 2.10 and activateDefaultTyping is established by way of whitelist enumeration. However, in the case of saga, the user input type of the parser is not enumerable, and the loss of autoType capability may limit the interface/inheritance type support.
If using a higher version of jackson will inevitably break the SAGA feature, this leads to another topic, can't we consider maven libraries that support the so-called autoType , such as fastjson?
5条答案
按热度按时间mrfwxfqh1#
please assign to me
xoshrz7s2#
please assign to me
Hello, this issue has been assigned to you. Looking forward to your PR.
zazmityj3#
Long time no progress, I will fix this issue when I fix the dependency security vulnerability.
cnh2zyt34#
jackson has a security vulnerability to upgrade but autoType has been disabled from version 2.10 and activateDefaultTyping is established by way of whitelist enumeration. However, in the case of saga, the user input type of the parser is not enumerable, and the loss of autoType capability may limit the interface/inheritance type support.
bweufnob5#
autoType
, such as fastjson?