Spencer Deehring created FLINK-27293: ----------------------------------------
Summary: CVE-2020-36518 in flink-shaded jackson Key: FLINK-27293 URL: https://issues.apache.org/jira/browse/FLINK-27293 Project: Flink Issue Type: Technical Debt Components: BuildSystem / Shaded Reporter: Spencer Deehring jackson-databind contains a CVE and is pulled in via jackson-bom located here: [https://github.com/apache/flink-shaded/blob/master/flink-shaded-jackson-parent/pom.xml#L38] This needs to be updated to version {code:java} 2.13.2.20220328 {code} as noted here: [https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13#micro-patches] -- This message was sent by Atlassian Jira (v8.20.1#820001)