[jira] [Created] (FLINK-27293) CVE-2020-36518 in flink-shaded jackson

Spencer Deehring (Jira) Mon, 18 Apr 2022 14:38:07 -0700

Spencer Deehring created FLINK-27293:
----------------------------------------


             Summary: CVE-2020-36518 in flink-shaded jackson
                 Key: FLINK-27293
                 URL: https://issues.apache.org/jira/browse/FLINK-27293
             Project: Flink
          Issue Type: Technical Debt
          Components: BuildSystem / Shaded
            Reporter: Spencer Deehring


jackson-databind contains a CVE and is pulled in via jackson-bom located here: 
[https://github.com/apache/flink-shaded/blob/master/flink-shaded-jackson-parent/pom.xml#L38]

 

This needs to be updated to version 
{code:java}
2.13.2.20220328 {code}
as noted here: 
[https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13#micro-patches]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (FLINK-27293) CVE-2020-36518 in flink-shaded jackson

Reply via email to