seata feature: jackson dependency was provided, compile is better

q9rjltbz posted 22 days ago in Other

Why you need it?

seata AT mode has a strong dependency on jackson, but the maven scope was provided.

seata version: 2.0

xoshrz7s 2#

please assign to me

Hello, this issue has been assigned to you. Looking forward to your PR.

zazmityj 3#

Long time no progress, I will fix this issue when I fix the dependency security vulnerability.

cnh2zyt3 4#

jackson has a security vulnerability to upgrade but autoType has been disabled from version 2.10 and activateDefaultTyping is established by way of whitelist enumeration. However, in the case of saga, the user input type of the parser is not enumerable, and the loss of autoType capability may limit the interface/inheritance type support.
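The allow-list typing described in the post above, as an added example that is not part of the thread or of Seata's code: a `BasicPolymorphicTypeValidator` that admits subtypes by package prefix rather than by enumerating each class, and rejects a type id outside that prefix. The package `example.saga`, the class `OrderState` and the sample JSON are constructed for illustration; it assumes jackson-databind 2.10 or later on the classpath.

```java
package example.saga; // hypothetical package standing in for the application's own state classes

import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class AllowListTypingDemo {

    // Constructed sample payload type; a real saga would carry user-defined classes.
    public static class OrderState {
        public String orderId;
        public int amount;
    }

    static ObjectMapper buildMapper() {
        // Allow-list by package prefix, so new subtypes need no per-class registration.
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("example.saga.")
                .build();
        ObjectMapper mapper = new ObjectMapper();
        // Write and read "@class" type ids, but only for types the validator accepts.
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL,
                JsonTypeInfo.As.PROPERTY);
        return mapper;
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = buildMapper();

        OrderState state = new OrderState();
        state.orderId = "o-1";
        state.amount = 42;
        String json = mapper.writeValueAsString(state);
        Object restored = mapper.readValue(json, Object.class);
        System.out.println(json + " -> " + restored.getClass().getName());

        // Constructed input naming a type outside the allow-listed prefix.
        String outside = "{\"@class\":\"java.util.Date\"}";
        try {
            mapper.readValue(outside, Object.class);
            System.out.println("unexpected: type was accepted");
        } catch (JsonProcessingException e) {
            System.out.println("rejected: " + e.getOriginalMessage());
        }
    }
}
```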

bweufnob 5#

  • If using a higher version of jackson will inevitably break the SAGA feature, this leads to another topic: can't we consider maven libraries that support the so-called autoType, such as fastjson?
