This upgrade from Jackson 2.9.1 to 2.21.2 is a large version jump that includes several significant breaking changes requiring developer action and verification.

Key Breaking Changes

• Java Version Requirement: The minimum Java version has been raised. Jackson 2.9 required Java 7, but version 2.14 and later require Java 8 for all core components. Projects must be running on Java 8 or newer. [3, 9]
• JAX-RS Providers (Javax vs. Jakarta): Starting with version 2.13, Jackson introduced separate artifacts for JAX-RS providers to support both the older javax.* and newer jakarta.* namespaces. If you are using a modern JAX-RS implementation (like Jersey 3+), you will need to update your dependency from jackson-jaxrs-json-provider to the corresponding jackson-jakarta-rs-json-provider artifact. Failure to do so will result in runtime errors. [3, 4]
• New Default Processing Limits: To improve security against Denial of Service (DoS) attacks, version 2.15 introduced default limits on the maximum size of processed data. This includes a maximum string value length (initially 5MB, raised to 20MB in 2.15.1) and a maximum nesting depth of 1000. [1, 30, 33] Applications that process very large or deeply nested JSON documents may now encounter exceptions where they previously did not.
• Behavioral Changes:
  • Date/Time Formatting: In version 2.11, the default timezone offset format for java.util.Date and java.util.Calendar was changed to

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.