Patrick OFriel created PARQUET-1842:
---------------------------------------
Summary: Update Jackson Databind version to address CVE
Key: PARQUET-1842
URL: https://issues.apache.org/jira/browse/PARQUET-1842
Project: Parquet
Issue Type: Task
Components: parquet-mr
Affects Versions: 1.11.0
Environment: Any
Reporter: Patrick OFriel
Fix For: 1.11.1
The current version of jackson-databind in parquet-mr has several CVEs
associated with it: [https://nvd.nist.gov/vuln/detail/CVE-2020-10673],
[https://nvd.nist.gov/vuln/detail/CVE-2020-10672],
[https://nvd.nist.gov/vuln/detail/CVE-2020-10969],
[https://nvd.nist.gov/vuln/detail/CVE-2020-11111],
[https://nvd.nist.gov/vuln/detail/CVE-2020-11113], (and a few more). We should
update to jackson-databind 2.9.10.4
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
