[ https://issues.apache.org/jira/browse/HADOOP-18033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17564761#comment-17564761 ]
Akira Ajisaka edited comment on HADOOP-18033 at 7/11/22 2:28 AM:
-----------------------------------------------------------------

bq. we might have to call out on the Jackson CVE

The CVE is fixed in 2.12.6.1 or upper (https://github.com/FasterXML/jackson-databind/issues/2816), therefore we should change the version to 2.12.7 (the latest 2.12.x as of now). That way the vulnerability will still be fixed.

was (Author: ajisakaa):
bq. we might have to call out on the Jackson CVE

The CVE is fixed in 2.12.6.1 or upper (https://github.com/FasterXML/jackson-databind/issues/2816), therefore we should change the version to 2.12.7 (the latest 2.12.x as of now).

> Upgrade fasterxml Jackson to 2.13.0
> -----------------------------------
>
>                 Key: HADOOP-18033
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18033
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: build
>            Reporter: Akira Ajisaka
>            Assignee: Viraj Jasani
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0, 3.3.2
>
>          Time Spent: 5.5h
>  Remaining Estimate: 0h
>
> Spark 3.2.0 depends on Jackson 2.12.3. Let's upgrade to 2.12.5 (2.12.x latest
> as of now) or upper.