Restore jdk 6 compatibility
See original GitHub issueThe wording is a bit confusing, but on the docs and the poms for jackson-core and jackson-databind it’s stated that they are supposed to work with jdk 6 (altough jdk 7 is required for build/compile).
From the jackson-databind readme:
## Limitation on Dependencies by Core Components
One additional limitation exists for so-called core components (streaming api, jackson-annotations and jackson-databind): no additional dependencies are allowed beyond:
* Core components may rely on any methods included in the supported JDK
* Minimum JDK version is 1.6 as of Jackson 2.4 and above (1.5 was baseline with 2.3 and earlier)
From the jackson-databind 2.9.9 pom:
<properties>
<!--
With Jackson 2.9 we will require JDK 7 (except for annotations/streaming),
and new language features (diamond pattern) may be used.
JDK classes are still loaded dynamically since there isn't much downside
(small number of types); this allows use on JDK 6 platforms still (including
Android)
-->
<javac.src.version>1.7</javac.src.version>
<javac.target.version>1.7</javac.target.version>
But at the sime time, the target version is set at jdk 1.7 (see above).
Thus, when updating to jackson-core and jackson-databind 2.9.9 and running in a jdk 6 we get:
java.lang.UnsupportedClassVersionError: com/fasterxml/jackson/databind/ObjectMapper : Unsupported major.minor version 51.0
Could java 6 support be restored? Maybe generating a new artifact with jdk6 classifier if the main branch is to be kept jdk 7+?
The reason for this request is that I’m updating dependencies on a legacy system with restrictions on its max jdk version to jdk6, due to CVEs, and jackson-databind ones are only solved in 3.9.9 (latest version with java 6 target was 2.7.9.5 it seems, with 9 found CVEs)
Thanks!
Issue Analytics
- State:
- Created 4 years ago
- Comments:23 (5 by maintainers)
Top GitHub Comments
@atomax72 Remind me again which contract are you on? How much do you pay for maintenance? Or have you perhaps contributed something of value (whiney comments not included).
Neither I nor this project owes you anything, literally. If you come here whining and bitching, exit is right over there. Do not let the door hit you in the ass on your way out.
I wanna see what he says… But shew, I can’t believe this was even asked.
In December JDK 8 is officially EOL, never mind JDK6. You’re asking for CVE security updates, but your JDK has more security issues and flaws than any library you’re going to plug into it.
I wanna see what he says, but I personally think the priorities are way off. If I remember right even the JDK 7 minimum is being removed and going minimum JDK 8, because well, JDK 7 also has a ton of security issues that will never get resolved.
Jackson is not your biggest security concern here, and I think you need to give your project manager bit of a wake up call