jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Spring Boot 2.5.x brings in the version 2.12.6. Since 2.12.x and 2.13.x are different major versions, the compatibility issue arises.
Therefore, requesting you to clarify if jackson 2.13.x is compatible with Spring Boot 2.5.x
Comment From: bclozel
I guess this is related to https://github.com/FasterXML/jackson-databind/issues/2816#issuecomment-1066000457
From the looks of #28298, it doesn't seem this has introduced breaking changes.
I'm not sure creating issues like this one and #29569 really helps. We have a clear upgrade policy and 3rd party project maintainers choose whether or not to backport fixes. While we can point to obvious incompatibilities between versions, this is just valid for our own build and test suite. What I mean is: even if this comment says that it doesn't look incompatible from our perspective, it may very well break your application if it is using a feature that we don't. The best course of action here is to run your test suite against this version.