# Recommended update for jackson Announcement ID: SUSE-RU-2024:1764-2 Rating: moderate References: Affected Products: * openSUSE Leap 15.6 An update that can now be installed. ## Description: This update for jackson fixes the following issues: jackson-annotations was upgraded to version 2.16.1: * Added new OptBoolean valued property in @JsonTypeInfo to allow per-type configuration of strict type id handling * Allow per-type configuration of strict type id handling * Added JsonTypeInfo.Value object (backport from 3.0) * Added new JsonTypeInfo.Id.SIMPLE_NAME jackson-bom was upgraded to version 2.16.1: * Added dependency for jackson-module-android-record. This new module offers support for Record type on Android platform, where Java records are supported through "de-sugaring" jackson-core was upgraded to version 2.16.1: * NPE in Version.equals() if snapshot-info null * NPE in "FastDoubleParser", method "JavaBigDecimalParser.parseBigDecimal()" * JsonPointer.append(JsonPointer.tail()) includes the original pointer * Change StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION default to false in Jackson 2.16 * Improve error message for StreamReadConstraints violations * JsonFactory implementations should respect CANONICALIZE_FIELD_NAMES * Root cause for failing test for testMangledIntsBytes() in ParserErrorHandlingTest * Allow all array elements in JsonPointerBasedFilter * Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation * Start using AssertJ in unit tests * Allow configuring spaces before and/or after the colon in DefaultPrettyPrinter (for Canonical JSON) * Add configurable limit for the maximum number of bytes/chars of content to parse before failing * Add configurable limit for the maximum length of Object property names to parse before failing * Add configurable processing limits for JSON generator (StreamWriteConstraints) * Compare _snapshotInfo in Version * Add JsonGeneratorDecorator to allow decorating JsonGenerators * Add full set of BufferRecyclerPool implementations * Add configurable error report behavior via ErrorReportConfiguration * Make ByteSourceJsonBootstrapper use StringReader for < 8KiB byte[] inputs * Allow pluggable buffer recycling via new RecyclerPool extension point * Change parsing error message to mention -INF jackson-databind was upgraded to version 2.16.1: * JsonSetter(contentNulls = FAIL) is ignored in delegating @JsonCreator argument * Primitive array deserializer not being captured by DeserializerModifier * JsonNode.findValues() and findParents() missing expected values in 2.16.0 * Incorrect deserialization for BigDecimal numbers * Add a way to configure caches Jackson uses * Mix-ins do not work for Enums * Map deserialization results in different numeric classes based on json ordering (BigDecimal / Double) when used in combination with @JsonSubTypes * Generic class with generic field of runtime type Double is deserialized as BigDecimal when used with @JsonTypeInfo and JsonTypeInfo.As.EXISTING_PROPERTY * Combination of @JsonUnwrapped and @JsonAnySetter results in BigDecimal instead of Double * @JsonIgnoreProperties not working with @JsonValue * Deprecated JsonNode.with(String) suggests using JsonNode.withObject(String) but it is not the same thing * Difference in the handling of ObjectId-property inJsonIdentityInfo depending on the deserialization route * Add new OptBoolean valued property in @JsonTypeInfo, handling, to allow per- polymorphic type loose Type Id handling * Fixed regression in 2.15.0 that reaks deserialization for records when mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE) * Incorrect target type when disabling coercion, trying to deserialize String from Array/Object * @JsonProperty on constructor parameter changes default field serialization order * Create new JavaType subtype IterationType (extending SimpleType) * Use JsonTypeInfo.Value for annotation handling * Add JsonNodeFeature.WRITE_PROPERTIES_SORTED for sorting ObjectNode properties on serialization (for Canonical JSON) * Optimize ObjectNode findValue(s) and findParent(s) fast paths * Locale "" is deserialised as null if ACCEPT_EMPTY_STRING_AS_NULL_OBJECT is enabled * Add guardrail setting for TypeParser handling of type parameters * Use @JsonProperty for Enum values also when READ_ENUMS USING_TO_STRING enabled * Fix Enum deserialization to use @JsonProperty, @JsonAlias even if EnumNamingStrategy used * Use @JsonProperty and lowercase feature when serializing Enums despite using toString() * Use @JsonProperty over EnumNamingStrategy for Enum serialization * Actually cache EnumValues#internalMap * ObjectMapper.valueToTree() will ignore the configuration SerializationFeature.WRAP_ROOT_VALUE * Provide the "ObjectMapper.treeToValue(TreeNode, TypeReference)" method * Expose NativeImageUtil.isRunningInNativeImage() method * Add JsonTypeInfo.Id.SIMPLE_NAME which defaults type id to Class.getSimpleName() * Impossible to deserialize custom Throwable sub-classes that do not have single-String constructors * java.desktop module is no longer optional * ClassUtil fails with java.lang.reflect.InaccessibleObjectException trying to setAccessible on OptionalInt with JDK 17+ * Support sequenced collections (JDK 21) * Add withObjectProperty(String), withArrayProperty(String) in JsonNode * Change JsonNode.withObject(String) to work similar to withArray() wrt argument * Log WARN if deprecated subclasses of PropertyNamingStrategy is used * NPE when transforming a tree to a model class object, at ArrayNode.elements() * Deprecated ObjectReader.withType(Type) has no direct replacement; need forType(Type) * Add new DefaultTyping.NON_FINAL_AND_ENUMS to allow Default Typing for Enums * Do not rewind position when serializing direct ByteBuffer * Exception when deserialization of private record with default constructor * BeanDeserializer updates currentValue incorrectly when deserialising empty Object jackson-dataformats-binary was upgraded to version 2.16.1: * (ion) NullPointerException in IonParser.nextToken() * (smile) Remove Smile-specific buffer-recycling jackson-modules-base was upgraded to version 2.16.1: * (afterburner) Disable when running in native-image * (afterburner) IncompatibleClassChangeError when deserializing a class implementing an interface with default get/set implementations * (blackbird) BlackBird proxy object error in Java 17 * (blackbird) Disable when running in native-image * (guice) Add guice7 (jakarta.inject) module jackson-parent was upgraded to version 2.16: * Upgrade to oss-parent 56 (tons of plugin updates to resolve Maven warnings, new Moditect plugin) jackson-parent, fasterxml-oss-parent: * Added to SUSE Manager 4.3 as it is needed by `jackson-modules-base` ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-1764=1 ## Package List: * openSUSE Leap 15.6 (noarch) * jackson-module-mrbean-2.16.1-150200.5.11.1 * jackson-annotations-javadoc-2.16.1-150200.3.14.4 * jackson-dataformat-cbor-2.16.1-150200.3.13.6 * jackson-core-2.16.1-150200.3.14.7 * jackson-dataformats-binary-javadoc-2.16.1-150200.3.13.6 * jackson-dataformats-binary-2.16.1-150200.3.13.6 * jackson-module-paranamer-2.16.1-150200.5.11.1 * jackson-module-jaxb-annotations-2.16.1-150200.5.11.1 * jackson-modules-base-2.16.1-150200.5.11.1 * fasterxml-oss-parent-38-150200.3.2.1 * jackson-modules-base-javadoc-2.16.1-150200.5.11.1 * jackson-module-no-ctor-deser-2.16.1-150200.5.11.1 * jackson-core-javadoc-2.16.1-150200.3.14.7 * jackson-bom-2.16.1-150200.3.11.1 * jackson-dataformat-smile-2.16.1-150200.3.13.6 * jackson-module-guice-2.16.1-150200.5.11.1 * jackson-module-blackbird-2.16.1-150200.5.11.1 * jackson-parent-2.16-150200.3.10.1 * jackson-databind-2.16.1-150200.3.18.1 * jackson-databind-javadoc-2.16.1-150200.3.18.1 * jackson-module-osgi-2.16.1-150200.5.11.1 * jackson-annotations-2.16.1-150200.3.14.4 * jackson-module-afterburner-2.16.1-150200.5.11.1