博客

解决jackson版本和springboot版本不兼容的问题

  • Post author:
  • Post category:其他




一、错误搭配



错误搭配一:

 

<dependency>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
     <version>2.1.13.RELEASE</version>
</dependency>

<dependency>
     <groupId>com.fasterxml.jackson.core</groupId>
     <artifactId>jackson-databind</artifactId>
     <version>2.11.2</version>
</dependency>

springboot启动时报错: 

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'objectMapper' defined in class path resource [com/poizon/fusion/webmvc/core/configuration/FusionWebMvcConfigurer.class]: Post-processing of merged bean definition failed; nested exception is java.lang.IllegalStateException: Failed to introspect Class [com.fasterxml.jackson.databind.ObjectMapper] from ClassLoader [sun.misc.Launcher$AppClassLoader@18b4aac2]



错误搭配二:

 

<dependency>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
     <version>2.3.10.RELEASE</version>
</dependency>

<dependency>
     <groupId>com.fasterxml.jackson.core</groupId>
     <artifactId>jackson-databind</artifactId>
     <version>2.9.10.8</version>
</dependency>

springboot启动时报错: 

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'formContentFilter' defined in class path resource [org/springframework/boot/autoconfigure/web/servlet/WebMvcAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.web.servlet.filter.OrderedFormContentFilter]: Factory method 'formContentFilter' threw exception; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.fasterxml.jackson.datatype.jsr310.JavaTimeModule]: Unresolvable class definition; nested exception is java.lang.NoClassDefFoundError: com/fasterxml/jackson/databind/ser/std/ToStringSerializerBase
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:657)
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:485)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBean


原因:

jackson版本和springboot版本不兼容



二、正确搭配



正确搭配一:

 

<dependency>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
     <version>2.1.13.RELEASE</version>
</dependency>

<dependency>
     <groupId>com.fasterxml.jackson.core</groupId>
     <artifactId>jackson-databind</artifactId>
     <version>2.9.10.8</version>
</dependency>



正确搭配二:

 

<dependency>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
     <version>2.3.10.RELEASE</version>
</dependency>

<dependency>
     <groupId>com.fasterxml.jackson.core</groupId>
     <artifactId>jackson-databind</artifactId>
     <version>2.11.2</version>
</dependency>


建议:

jackson最好使用2.11.0及以上版本



理由:

1、jackson-databind < 2.9.10.8,存在反序列化远程代码执行漏洞(CVE-2020-35490/CVE-2020-35491),远程攻击者可通过精心构造的恶意载荷利用该漏洞在系统执行任意代码;

2、jackson-databind 2.11.0及以上版本与spring-boot版本兼容。

【本文参考】

https://blog.csdn.net/wyk_dao/article/details/108729819


版权声明:本文为qq_44837912原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。