[
https://issues.apache.org/jira/browse/HADOOP-18033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17564761#comment-17564761
]
Akira Ajisaka edited comment on HADOOP-18033 at 7/11/22 2:28 AM:
-----------------------------------------------------------------
bq. we might have to call out on the Jackson CVE
The CVE is fixed in 2.12.6.1 or upper
(https://github.com/FasterXML/jackson-databind/issues/2816), therefore we
should change the version to 2.12.7 (the latest 2.12.x as of now). That way the
vulnerability will be still fixed.
was (Author: ajisakaa):
bq. we might have to call out on the Jackson CVE
The CVE is fixed in 2.12.6.1 or upper
(https://github.com/FasterXML/jackson-databind/issues/2816), therefore we
should change the version to 2.12.7 (the latest 2.12.x as of now).
> Upgrade fasterxml Jackson to 2.13.0
> -----------------------------------
>
> Key: HADOOP-18033
> URL: https://issues.apache.org/jira/browse/HADOOP-18033
> Project: Hadoop Common
> Issue Type: Improvement
> Components: build
> Reporter: Akira Ajisaka
> Assignee: Viraj Jasani
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.2
>
> Time Spent: 5.5h
> Remaining Estimate: 0h
>
> Spark 3.2.0 depends on Jackson 2.12.3. Let's upgrade to 2.12.5 (2.12.x latest
> as of now) or upper.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
