[
https://issues.apache.org/jira/browse/PARQUET-1842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17089942#comment-17089942
]
ASF GitHub Bot commented on PARQUET-1842:
-----------------------------------------
Fokko commented on issue #785:
URL: https://github.com/apache/parquet-mr/pull/785#issuecomment-617963038
@patrickofriel-wk No nothing from your side. It is just common courtesy to
wait a bit, so other committers/PMC can response, before merging. Thanks for
your contribution @patrickofriel-wk
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Update Jackson Databind version to address CVE
> ----------------------------------------------
>
> Key: PARQUET-1842
> URL: https://issues.apache.org/jira/browse/PARQUET-1842
> Project: Parquet
> Issue Type: Task
> Components: parquet-mr
> Affects Versions: 1.11.0
> Environment: Any
> Reporter: Patrick OFriel
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.11.1
>
>
> The current version of jackson-databind in parquet-mr has several CVEs
> associated with it: [https://nvd.nist.gov/vuln/detail/CVE-2020-10673],
> [https://nvd.nist.gov/vuln/detail/CVE-2020-10672],
> [https://nvd.nist.gov/vuln/detail/CVE-2020-10969],
> [https://nvd.nist.gov/vuln/detail/CVE-2020-11111],
> [https://nvd.nist.gov/vuln/detail/CVE-2020-11113], (and a few more). We
> should update to jackson-databind 2.9.10.4
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
