incubator-seata icon indicating copy to clipboard operation
incubator-seata copied to clipboard

Published 20 hours ago verified publisher icon apache

feature: jackson dependencey was provided, compile is better

Open wt-better opened this issue 1 year ago • 5 comments

Why you need it?

seata at mode strong dependencey onjackson , but maven scope was provied.

Other related information

seata version: 2.0

wt-better avatar Jan 23 '24 02:01 wt-better

please assign to me

Brian-b88 avatar Jan 25 '24 00:01 Brian-b88

please assign to me

Hello, this issue has been assigned to you. Looking forward to your PR.

xingfudeshi avatar Feb 04 '24 08:02 xingfudeshi

Long time no progress, I will fix this issue when I fix the dependency security vulnerability.

slievrly avatar Feb 06 '24 03:02 slievrly

jackson has a security vulnerability to upgrade but autoType has been disabled from version 2.10 and activateDefaultTyping is established by way of whitelist enumeration. However, in the case of saga, the user input type of the parser is not enumerable, and the loss of autoType capability may limit the interface/inheritance type support.

slievrly avatar Feb 06 '24 10:02 slievrly

  • If using a higher version of jackson will inevitably break the SAGA feature, this leads to another topic, can't we consider maven libraries that support the so-called autoType, such as fastjson?

linghengqian avatar Mar 23 '24 14:03 linghengqian