[jira] [Commented] (HUDI-8213) Exclude jackson-databind from hudi-spark-bundle to fix CVE-2017-17485

Senthil Kumar (Jira) Wed, 18 Sep 2024 06:02:37 -0700


    [ 
https://issues.apache.org/jira/browse/HUDI-8213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17882706#comment-17882706
 ]


Senthil Kumar commented on HUDI-8213:
-------------------------------------

We are seeing Critical level CVE CVE-2017-17485 in Hudi. And it is traced out 
from HTrace component(which uses jackson-databind version 2.4.0). So it is good 
to exclude  jackson-databind in packaging hudi-spark-bundle module.




!image-2024-09-18-18-31-09-618.png|width=1289,height=220!

> Exclude jackson-databind from hudi-spark-bundle to fix CVE-2017-17485
> ---------------------------------------------------------------------
>
>                 Key: HUDI-8213
>                 URL: https://issues.apache.org/jira/browse/HUDI-8213
>             Project: Apache Hudi
>          Issue Type: Bug
>          Components: spark
>    Affects Versions: 0.14.1, 0.15.0
>            Reporter: Senthil Kumar
>            Priority: Major
>         Attachments: image-2024-09-18-18-31-09-618.png
>
>
> Exclude jackson-databind from hudi-spark-bundle to fix CVE-2017-17485



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (HUDI-8213) Exclude jackson-databind from hudi-spark-bundle to fix CVE-2017-17485

Reply via email to