
The Security subcommittee (SECCOM) has recommended that teams move away from Jackson, and will be presenting alternatives and asking each project for an assessment. Our team will need to do an analysis. This would not be trivial, especially given how many of our repos are impacted. As of now, this would be a very high level of effort (LOE) for the team; we need to understand what the SECCOM recommendation is before we can provide better details on what the LOE would be.

Vulnerable Packages per ONAP project

Three Areas of Concern

  1. Direct usage of Jackson by ONAP code
  2. Frameworks configured with Jackson like Spring Boot
  3. Usage of Jackson by third-party tools like Cassandra

Survey of Replacement Options

...