[jira] [Commented] (PARQUET-1895) Update jackson-databind to 2.9.10.5

Gabor Szadovszky (Jira) Thu, 13 Aug 2020 03:26:32 -0700


    [ 
https://issues.apache.org/jira/browse/PARQUET-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17176905#comment-17176905
 ]


Gabor Szadovszky commented on PARQUET-1895:
-------------------------------------------

2.11.2 is later (in terms of release date) than 2.9.10.5. So, I guess it would 
be a better choice.

> Update jackson-databind to 2.9.10.5
> -----------------------------------
>
>                 Key: PARQUET-1895
>                 URL: https://issues.apache.org/jira/browse/PARQUET-1895
>             Project: Parquet
>          Issue Type: Task
>          Components: parquet-mr
>    Affects Versions: 1.11.0
>            Reporter: Patrick OFriel
>            Priority: Major
>             Fix For: 1.12.0
>
>
> The jackson databind 2.9.10.4 has the following CVEs:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-14060]
> [https://nvd.nist.gov/vuln/detail/CVE-2020-14061]
> [https://nvd.nist.gov/vuln/detail/CVE-2020-14062]
> [https://nvd.nist.gov/vuln/detail/CVE-2020-14195]
> They should be resolved if we update to 2.9.10.5



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (PARQUET-1895) Update jackson-databind to 2.9.10.5

Reply via email to