[
https://issues.apache.org/jira/browse/HADOOP-16905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17424874#comment-17424874
]
Brahma Reddy Battula commented on HADOOP-16905:
-----------------------------------------------
[~weichiu] I think, we should backport this branch-3.2 so that this CVE will be
fixed in upcoming release 3..2.3.
> Update jackson-databind to 2.10.3 to relieve us from the endless CVE patches
> ----------------------------------------------------------------------------
>
> Key: HADOOP-16905
> URL: https://issues.apache.org/jira/browse/HADOOP-16905
> Project: Hadoop Common
> Issue Type: Sub-task
> Reporter: Wei-Chiu Chuang
> Assignee: Wei-Chiu Chuang
> Priority: Major
> Labels: pull-request-available, release-blocker
> Fix For: 3.3.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Jackson-databind 2.10 should relieve us from the endless CVE patches
> according to
> https://medium.com/@cowtowncoder/jackson-2-10-features-cd880674d8a2
> Not sure if this is an easy update, but i think we should do this in the
> Hadoop 3.3.0 and before removing jackson-databind entirely.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
