[jira] [Commented] (PARQUET-1842) Update Jackson Databind version to address CVE

ASF GitHub Bot (Jira) Wed, 22 Apr 2020 12:32:27 -0700


    [ 
https://issues.apache.org/jira/browse/PARQUET-1842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17089976#comment-17089976
 ]


ASF GitHub Bot commented on PARQUET-1842:
-----------------------------------------

Fokko commented on issue #785:
URL: https://github.com/apache/parquet-mr/pull/785#issuecomment-617985085


   My pleasure @patrickofriel-wk 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


> Update Jackson Databind version to address CVE
> ----------------------------------------------
>
>                 Key: PARQUET-1842
>                 URL: https://issues.apache.org/jira/browse/PARQUET-1842
>             Project: Parquet
>          Issue Type: Task
>          Components: parquet-mr
>    Affects Versions: 1.11.0
>         Environment: Any
>            Reporter: Patrick OFriel
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.12.0
>
>
> The current version of jackson-databind in parquet-mr has several CVEs 
> associated with it: [https://nvd.nist.gov/vuln/detail/CVE-2020-10673], 
> [https://nvd.nist.gov/vuln/detail/CVE-2020-10672], 
> [https://nvd.nist.gov/vuln/detail/CVE-2020-10969], 
> [https://nvd.nist.gov/vuln/detail/CVE-2020-11111], 
> [https://nvd.nist.gov/vuln/detail/CVE-2020-11113], (and a few more). We 
> should update to jackson-databind 2.9.10.4



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (PARQUET-1842) Update Jackson Databind version to address CVE

Reply via email to