[jira] [Commented] (HADOOP-17094) vulnerabilities reported in jackson and jackson-databind in branch-2.10

Wei-Chiu Chuang (Jira) Thu, 25 Jun 2020 10:32:12 -0700


    [ 
https://issues.apache.org/jira/browse/HADOOP-17094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17145688#comment-17145688
 ]


Wei-Chiu Chuang commented on HADOOP-17094:
------------------------------------------

+1 to update to jackson-databind 2.10. 

2.9.10 and 2.10 are almost API compatible. But 2.10 leaks a new dependency so 
it might break HBase.

> vulnerabilities reported in jackson and jackson-databind in branch-2.10
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-17094
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17094
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.10.0, 2.10.1
>            Reporter: Ahmed Hussein
>            Assignee: Ahmed Hussein
>            Priority: Major
>
> There are known vulnerabilities in the 
> com.fasterxml.jackson.core:jackson-databind package [,2.9.10.5).
> [List of 
> vulnerabilities|https://snyk.io/vuln/maven:com.fasterxml.jackson.core%3Ajackson-databind].
> Upgrading jackson and jackson-databind to 2.10 should get rid of those 
> vulnerabilities.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HADOOP-17094) vulnerabilities reported in jackson and jackson-databind in branch-2.10

Reply via email to