Skip to content

[4.4.x] bump jackson.version from 2.21.4 to 2.21.5#2767

Merged
jbonofre merged 2 commits into
karaf-4.4.xfrom
dependabot/maven/karaf-4.4.x/jackson.version-2.22.1
Jul 10, 2026
Merged

[4.4.x] bump jackson.version from 2.21.4 to 2.21.5#2767
jbonofre merged 2 commits into
karaf-4.4.xfrom
dependabot/maven/karaf-4.4.x/jackson.version-2.22.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps jackson.version from 2.21.4 to 2.22.1.
Updates com.fasterxml.jackson.core:jackson-databind from 2.21.4 to 2.22.1

Commits

Updates com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.21.4 to 2.22.1

Commits
  • be04d56 [maven-release-plugin] prepare release jackson-dataformat-xml-2.22.1
  • c420f2f Prep for 2.22.1 release
  • 2be8479 Merge branch '2.21' into 2.22
  • 4cf55fe Post-release dep version bump
  • 70baf0a [maven-release-plugin] prepare for next development iteration
  • 1211f5a [maven-release-plugin] prepare release jackson-dataformat-xml-2.21.5
  • 2252eab Prep for 2.21.5 release
  • a58f7d3 Post-release dep version bump
  • 8087e73 [maven-release-plugin] prepare for next development iteration
  • 4c702ae [maven-release-plugin] prepare release jackson-dataformat-xml-2.22.0
  • Additional commits viewable in compare view

Updates com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider from 2.21.4 to 2.22.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps `jackson.version` from 2.21.4 to 2.22.1.

Updates `com.fasterxml.jackson.core:jackson-databind` from 2.21.4 to 2.22.1
- [Commits](https://github.com/FasterXML/jackson/commits)

Updates `com.fasterxml.jackson.dataformat:jackson-dataformat-xml` from 2.21.4 to 2.22.1
- [Commits](FasterXML/jackson-dataformat-xml@jackson-dataformat-xml-2.21.4...jackson-dataformat-xml-2.22.1)

Updates `com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider` from 2.21.4 to 2.22.1

---
updated-dependencies:
- dependency-name: com.fasterxml.jackson.core:jackson-databind
  dependency-version: 2.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
  dependency-version: 2.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider
  dependency-version: 2.22.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file java Pull requests that update java code labels Jul 8, 2026
@holgerfriedrich

Copy link
Copy Markdown
Contributor

2.22.x is not an LTS version, my recommendation would be to stay with 2.21.x for the 4.4.x branch

  • 2.22.1: open branch (2.22.1 was released on Jul 07, 2026)
    Latest Release (LR) for 2.x, not LTS
  • 2.21: open branch (2.21.0 was released on January 18, 2026)
    Long-Term Support (LTS) version
    Backports accepted for fixes

@holgerfriedrich

Copy link
Copy Markdown
Contributor

Though, we should upgrade to 2.21.5 on 4.4.x, as it fixes at leas one CVE
https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.21.5

Comment thread pom.xml Outdated
Co-authored-by: Holger Friedrich <mail@holger-friedrich.de>
@jbonofre

jbonofre commented Jul 9, 2026

Copy link
Copy Markdown
Member

@holgerfriedrich agree to stay with Jackson 2.21.x on 4.4.x. I pushed your suggestion and CI is running. I will review and merge when CI is happy.

@jbonofre jbonofre changed the title [4.4.x] bump jackson.version from 2.21.4 to 2.22.1 [4.4.x] bump jackson.version from 2.21.4 to 2.21.5 Jul 9, 2026
@jbonofre jbonofre merged commit 3427689 into karaf-4.4.x Jul 10, 2026
16 of 18 checks passed
@jbonofre jbonofre deleted the dependabot/maven/karaf-4.4.x/jackson.version-2.22.1 branch July 10, 2026 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file java Pull requests that update java code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants