[
https://issues.apache.org/jira/browse/PARQUET-1895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17212275#comment-17212275
]
ASF GitHub Bot commented on PARQUET-1895:
-----------------------------------------
gszadovszky commented on pull request #811:
URL: https://github.com/apache/parquet-mr/pull/811#issuecomment-707020958
@grumpyjames, I really hope it meets the standards :smiley:. I completely
forgot about it. Thanks for the heads up.
Based on the apache policy we need an approval of a committer (even if the
author is one of them).
@shangxinli, could you have a quick look on this one?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Update jackson-databind
> -----------------------
>
> Key: PARQUET-1895
> URL: https://issues.apache.org/jira/browse/PARQUET-1895
> Project: Parquet
> Issue Type: Task
> Components: parquet-mr
> Affects Versions: 1.11.0
> Reporter: Patrick OFriel
> Assignee: Gabor Szadovszky
> Priority: Major
> Fix For: 1.12.0
>
>
> The jackson databind 2.9.10.4 has the following CVEs:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-14060]
> [https://nvd.nist.gov/vuln/detail/CVE-2020-14061]
> [https://nvd.nist.gov/vuln/detail/CVE-2020-14062]
> [https://nvd.nist.gov/vuln/detail/CVE-2020-14195]
> They should be resolved if we update to 2.9.10.5
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
