[Snyk] Fix for 1 vulnerabilities

[snyk-io]

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• samples/server/petstore/jaxrs-cxf-annotated-base-path/pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling SNYK-JAVA-COMFASTERXMLJACKSONCORE-15907551	125	com.fasterxml.jackson.datatype:jackson-datatype-joda: 2.10.1 -> 2.21.2 com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider: 2.10.1 -> 2.21.2 No Path Found No Known Exploit

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[snyk-io]

This upgrade spans multiple minor versions of the Jackson library, from 2.10.1 to 2.21.2. While it should be largely backward-compatible at the API level, there are significant environmental and behavioral changes that require verification.

Key Changes:

• Java 8 Runtime Required: Starting with version 2.13, most Jackson components require a Java 8 runtime environment. Projects still on Java 7 will need to upgrade.
• New Processing Limits: To enhance security against Denial-of-Service (DoS) attacks, version 2.15 introduced default limits on the size and nesting depth of JSON documents being processed. Input exceeding these limits (e.g., string values over 5 million characters by default) will throw a StreamConstraintsException. This is a behavioral change that could impact applications handling large JSON payloads.
• Behavioral Change in Annotation Handling: In version 2.14, the handling of conflicting @JsonIgnore and @JsonProperty annotations was changed. @JsonIgnore is now given higher precedence, which could result in fields being excluded from serialization where they were previously included.
• JAX-RS Provider Changes: The jackson-jaxrs-json-provider module dropped its workaround for JAX

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.