This is a major version upgrade across multiple releases (2.8.9 → 2.21.2) for core Jackson components and introduces significant breaking changes, most notably requiring a Java runtime update.

Key Breaking Changes:

• Java 8 Required: The most critical change is the increase of the minimum Java version. Jackson 2.13 and later require Java 8, whereas version 2.8 was compatible with Java 7. Applications running on Java 7 will fail to start.

• JAX-RS Provider Changes (jackson-jaxrs-json-provider):

  • JAX-RS 1.x Support Dropped: Starting with version 2.13, support for JAX-RS 1.x implementations has been removed. You must be using a JAX-RS 2.x compatible implementation (like newer versions of Jersey or RESTEasy).
  • Javax vs. Jakarta Namespace: Version 2.13 introduced new provider modules for the jakarta.* namespace. Since you are upgrading jackson-jaxrs-json-provider, you are using the javax.* variant. Ensure your application server or framework has not migrated to the jakarta.* namespace, as that would require switching to the jackson-jakarta-rs-json-provider artifact.

• Core API & Behavior Changes:

  • Safe Default Typing (2.10+): To mitigate security vulnerabilities (CVEs), the mechanism for enabling global polymorphic deserialization (enableDefaultTyping) was replaced by a safer API (activateDefaultTyping). If you use default typing, you must update your ObjectMapper configuration.
  • Stricter Generics (2.10+): A source-incompatible change was introduced that makes generic type assignment for TypeReference stricter. Code that previously compiled may now fail with a compilation error if the generic types do not strictly match.

Recommendation:

1. Verify Java Version: Confirm your production environment is running on Java 8 or newer.
2. Review JAX-RS Usage: Ensure you are using a JAX-RS 2.x implementation and that your application still uses the javax.ws.rs package namespace.
3. Audit ObjectMapper Configuration: Search for usages of enableDefaultTyping and migrate to the new activateDefaultTyping API if it is in use.

Source: Jackson Project release notes for versions 2.9 through 2.21.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.