This is a minor version upgrade for jackson-jaxrs-json-provider from 2.12.1 to 2.18.6. While there are no direct breaking API changes documented for this specific provider, the upgrade spans several minor versions and includes a significant number of underlying changes in the core Jackson databind and core components.
Key Changes:
JAX-RS 1.x Support: Support for the older JAX-RS 1.x, which was removed in version 2.13, has been restored in version 2.18. Since the starting version is 2.12.1, this change does not introduce a breaking change for this upgrade path.
Core Component Updates: The underlying jackson-core and jackson-databind libraries have received numerous bug fixes, performance improvements, and internal changes between versions 2.12 and 2.18. While these are not listed as breaking changes, the volume of modifications introduces a risk of subtle behavioral changes.
Recommendation:
Due to the wide version span and the number of transitive dependency updates, this upgrade carries a medium risk. It is unlikely to require code changes, but thorough regression testing is recommended to verify that application behavior related to JSON serialization and deserialization remains consistent.
Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
bwappsec changed the title from "[Snyk] Security upgrade com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider from 2.12.1 to 2.18.6" to "SWI-3723 [Snyk] Security upgrade com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider from 2.12.1 to 2.18.6" on Mar 5, 2026
Snyk has created this PR to fix 1 vulnerability in the maven dependencies of this project.
Snyk changed the following file(s):
samples/server/petstore/jaxrs-cxf-cdi-default-value/pom.xml
Vulnerabilities that will be fixed with an upgrade:
SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924: 2.12.1 -> 2.18.6; No Path Found; Proof of Concept; Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling