A vulnerability (WS-2021-0616) was discovered in the Jackson library. It is fixed in versions 2.12.6 and 2.13.1. Spring Boot 2.4.13 comes with Jackson 2.11.4. The fixed version seems to be a different major version. Therefore, the compatibility is unclear. Requesting you to clarify if Spring Boot 2.4.13 is compatible with Jackson 2.12.6.

Comment From: snicoll

Spring Boot 2.4.x is out of OSS support so please upgrade at your earliest convenience to a supported version.

Comment From: bclozel

I don't think Spring Boot 2.4.x will be binary compatible with Jackson 2.12. You can see the changes made in Spring Boot 2.5.0 (see #24415) to adapt to the Jackson changes. We've made sure that Spring Boot 2.5.x works with previous Jackson versions, but I don't think the other way around can work.

Note that Spring Boot 2.4.x is out of OSS support, so it might be a good idea to upgrade anyway.

Comment From: meier-th

@bclozel, thank you for the clarification!