Nico Kruber created FLINK-14104: ----------------------------------- Summary: Bump Jackson to 2.9.9.3 Key: FLINK-14104 URL: https://issues.apache.org/jira/browse/FLINK-14104 Project: Flink Issue Type: Bug Components: BuildSystem / Shaded Affects Versions: shaded-8.0, shaded-7.0 Reporter: Nico Kruber Assignee: Nico Kruber
Our current Jackson version (2.9.8) is vulnerable for at least this CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-14379 Bumping to 2.9.9.3 should solve it. See https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9 -- This message was sent by Atlassian Jira (v8.3.2#803003)