[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.21.2 by snyk-io[bot] · Pull Request #252 · MojoSport/swagger-codegen

snyk-io · 2026-04-27T19:28:57Z

Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.21.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 81 versions ahead of your current version.
The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Stack-based Buffer Overflow SNYK-JAVA-COMFASTERXMLJACKSONCORE-10500754	55	No Known Exploit
Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15365924	55	Proof of Concept
Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551	55	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-7569538	55	No Known Exploit
XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302	55	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244	55	No Known Exploit
Information Exposure SNYK-JAVA-COMFASTERXMLJACKSONCORE-10332631	55	Proof of Concept
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698	55	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424	55	Proof of Concept
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426	55	Proof of Concept
Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLWOODSTOX-3091135	55	No Known Exploit

Breaking Change Risk

Notice: This assessment is enhanced by AI.

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

…to 2.21.2 Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.21.2. See this package in maven: com.fasterxml.jackson.core:jackson-databind See this project in Snyk: https://app.snyk.io/org/mojo-8USVNVZRuv9HZjtox22wyx/project/ebd3438b-c88d-4f3a-ae8b-d6ad7c24a8b5?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

snyk-io · 2026-04-27T19:28:58Z

This upgrade of jackson-databind from version 2.10.1 to 2.21.2 spans multiple minor versions and introduces significant changes, including a required Java version bump and several behavioral modifications that necessitate verification.

Key Changes:

Java Version Requirement: The minimum required Java version has been increased. Versions up to 2.12 required Java 7, but starting from version 2.13, jackson-databind requires Java 8.
Behavioral Changes:
- Date/Time Formatting (v2.11+): The default timezone offset for java.util.Date and java.util.Calendar now includes a colon (e.g., +00:00), which may affect downstream consumers.
- Annotation Precedence (v2.14+): @JsonIgnore is now given precedence over @JsonProperty, which could lead to fields being unintentionally excluded from serialization.
- Processing Limits (v2.15+): New default limits on maximum string length, number length, and nesting depth have been introduced to enhance security. Applications processing unusually large or deeply nested JSON might encounter new exceptions.
Javax to Jakarta Transition (v2.13+): For applications using related specifications like JAXB or JAX-RS, you may need to switch to the corresponding jakarta-suffixed Jackson modules.

Recommendation:

Given the change in the required Java version and the subtle behavioral changes, this upgrade should be handled with care. It is critical to verify that your project is running on Java 8 or newer. Thorough testing is recommended to ensure that serialization and deserialization behavior remains consistent, especially for date/time formats and objects with mixed annotations.

Source: Jackson Wiki Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

….21.2 Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-core from 2.10.1 to 2.21.2. See this package in maven: com.fasterxml.jackson.core:jackson-core See this project in Snyk: https://app.snyk.io/org/mojo-8USVNVZRuv9HZjtox22wyx/project/ebd3438b-c88d-4f3a-ae8b-d6ad7c24a8b5?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

…from 2.10.1 to 2.21.2 Snyk has created this PR to upgrade com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider from 2.10.1 to 2.21.2. See this package in maven: com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider See this project in Snyk: https://app.snyk.io/org/mojo-8USVNVZRuv9HZjtox22wyx/project/ebd3438b-c88d-4f3a-ae8b-d6ad7c24a8b5?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

…from 2.10.1 to 2.21.2 Snyk has created this PR to upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-xml from 2.10.1 to 2.21.2. See this package in maven: com.fasterxml.jackson.dataformat:jackson-dataformat-xml See this project in Snyk: https://app.snyk.io/org/mojo-8USVNVZRuv9HZjtox22wyx/project/ebd3438b-c88d-4f3a-ae8b-d6ad7c24a8b5?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr

snyk-io · 2026-04-27T19:29:45Z

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

snyk-io Bot added 3 commits April 27, 2026 19:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.21.2#252

[Snyk] Upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.21.2#252
snyk-io[bot] wants to merge 4 commits into
masterfrom
snyk-upgrade-819d04b8f6c60b59c3b26711ed52e5ca

snyk-io Bot commented Apr 27, 2026

Uh oh!

snyk-io Bot commented Apr 27, 2026

Uh oh!

snyk-io Bot commented Apr 27, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

snyk-io Bot commented Apr 27, 2026

Snyk has created this PR to upgrade com.fasterxml.jackson.core:jackson-databind from 2.10.1 to 2.21.2.

Issues fixed by the recommended upgrade:

Breaking Change Risk

Uh oh!

snyk-io Bot commented Apr 27, 2026

Uh oh!

snyk-io Bot commented Apr 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Snyk checks have passed. No issues have been found so far.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

snyk-io Bot commented Apr 27, 2026 •

edited

Loading