Description
Several projects (originally raised in private email among committers of genius, then seen by me on infrautils, now raised by An Ho on https://lists.opendaylight.org/pipermail/release/2017-August/011985.html for daexim) have hit Severe License analysis issues in jackson-dataformat-xml on the Nexus IQ server CLM Job, seen e.g. here: https://clm.opendaylight.org/assets/index.html#/reports/daexim/d3d1cd100d6a4443a997ad713f474c35, due to what it thinks is an "Apache-2.0, LGPL-2.1, No Source License" on component com.fasterxml.jackson.dataformat : jackson-dataformat-xml : 2.3.2.
Stephen Kitt (skitt) in private email dixit, quote: "Likewise, there’s a security issue with Jackson (again, I haven’t checked in detail), and we pull that in via AAA and/or odlparent, so it’s not Genius’s concern either."
Let's track looking into what's going on there in this bug.
I'm not sure which project needs to do something about this - let's start with AAA? (Folks from AAA, of course, please move this bug to another project appropriately, if jackson-dataformat-xml isn't inherited by all these other projects from you?)
Attachments
| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 70055,3 | AAA-143: Remove jackson dependencies | master | aaa | MERGED | +2 | +1 |