Upgrade from 1.3.19 to 2.0.9

Gautham

unread,

Jul 22, 2020, 6:14:15 AM7/22/20

to dropwizard-user

Hi,

How difficult is it to upgrade dropwizard from 1.3.19 to 2.0.9 ?

There are other dependencies like sundail and jdbi3-sqlobject ,

just updating my pom.xml , I some runtime errors, but I'm not yet sure how to fix them.

Any help would be appreciated.

Jingjing Duan

unread,

Jul 22, 2020, 1:30:56 PM7/22/20

to dropwizard-user

I'm very much interested in this topic as well. At work, we have hundreds of microservices built on top of Dropwizard and we have been stuck at version 1.0.9 for a couple years. My plan is to upgrade to the latest 1.3.24 first, given the lower risk of upgrading to the same major version. That said, we'll likely to migrate to 2.X after that. So it'd be great to learn the level of difficulty to migrate the latest 1.X to the latest 2.X. Thanks!

Gautham Goli

unread,

Jul 22, 2020, 2:05:17 PM7/22/20

to dropwiz...@googlegroups.com

1.x.x versions (at least 1.3.19) have some high severity vulnerabilities so we cannot afford to be using that in production.

--
You received this message because you are subscribed to a topic in the Google Groups "dropwizard-user" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/dropwizard-user/nWdjAhQ6BoU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to dropwizard-us...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-user/af58e559-6d27-4e2f-981d-48c871aafd6do%40googlegroups.com.

Jingjing Duan

unread,

Jul 22, 2020, 2:58:23 PM7/22/20

to dropwiz...@googlegroups.com

Hi Gautham,

Can you share the list of security vulnerabilities? Thanks.

You received this message because you are subscribed to the Google Groups "dropwizard-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dropwizard-us...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-user/CAHiqsju36KJcSWZt4s6odHHNfWdTXnZx%3DxFEHXbYOUUfFh9bbQ%40mail.gmail.com.

--

Cheers,

Jingjing Duan

עוזיאל סולקיס‎

unread,

Jul 23, 2020, 3:22:43 AM7/23/20

to dropwiz...@googlegroups.com

Hi,

I upgraded to dropwizard 2 a few months ago.

Follow the migration guide: https://github.com/dropwizard/dropwizard/wiki/Upgrade-guide-1.3.x-to-2.0.x

Are you already on jdbi3? If not, this alone will be a lot of work (Although according to the guide you can still try and work with Jdbi 2, but I don't think it's recommended)

Is your code tested well? Strong integration tests between microservices? And for external clients?

You're going to bump a major version of Jackson as well.

Are you running Java? (I did it with Kotlin and I had a few issues with Jackson and kotlin data classes).

I suggest first trying to bump the dropwizard version in your pom.xml (assuming you're using maven), and also add a dependency management of type "pom" on the dropwizard-dependencies artifact.

This is to force all other libraries versions to be compatible with the dropwizard version. In short, try making sure you don't have versions converging as much as possible.

Then try to make your code compile (if the migration guide does not help you, share here your difficulties).

Then, try to make it run (same).

Then test it.

Good Luck!

‫בתאריך יום ד׳, 22 ביולי 2020 ב-21:58 מאת ‪Jingjing Duan‬‏ <‪duanji...@gmail.com‬‏>:‬

To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-user/CAOkLzM3NnDUcLzB7EzKGiUvGJu%2BhEE0DHwL8qjFrwK%2B%3Dx3Fgmg%40mail.gmail.com.