  1. aaa
  2. AAA-143

Severe security and license analysis issues in jackson-databind and jackson-dataformat-xml on Nexus IQ server CLM Job


    • Bug
    • Resolution: Done
    • Highest
    • Fluorine
    • None
    • General
    • None
    • Operating System: All
      Platform: All

    • 8992

      Several projects (originally raised in private email among committers of genius, then seen by me on infrautils, now raised by An Ho on https://lists.opendaylight.org/pipermail/release/2017-August/011985.html for daexim) have hit Severe License analysis issues in jackson-dataformat-xml on Nexus IQ server CLM Job, seen e.g. here: https://clm.opendaylight.org/assets/index.html#/reports/daexim/d3d1cd100d6a4443a997ad713f474c35, due to what it thinks is an "Apache-2.0, LGPL-2.1, No Source License" on component com.fasterxml.jackson.dataformat : jackson-dataformat-xml : 2.3.2.

      Stephen Kitt (skitt) in private email dixit, quote: "Likewise, there’s a security issue with Jackson (again, I haven’t checked in detail), and we pull that in via AAA and/or odlparent, so it’s not Genius’s concern either."

      Let's track looking into what's going on there in this bug.

      I'm not sure which project needs to do something about this - let's start with AAA? (Folks from AAA, of course, please move this bug to another project appropriately, if jackson-dataformat-xml isn't inherited by all these other projects from you?)

            rgoulding Ryan Goulding
            vorburger Michael Vorburger