[jira] [Commented] (PARQUET-2127) Security risk in latest parquet-jackson-1.12.2.jar

Mon, 21 Mar 2022 12:54:05 -0700 


    [ 
https://issues.apache.org/jira/browse/PARQUET-2127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510088#comment-17510088
 ] 

ASF GitHub Bot commented on PARQUET-2127:
-----------------------------------------

trevorurquhart opened a new pull request #952:
URL: https://github.com/apache/parquet-mr/pull/952


   ### Jira
   
   - [ ] My PR addresses the following [Parquet 
Jira](https://issues.apache.org/jira/browse/PARQUET/) issues and references 
them in the PR title. 
     - https://issues.apache.org/jira/browse/PARQUET-2127
     - In case you are adding a dependency, check if the license complies with 
the [ASF 3rd Party License 
Policy](https://www.apache.org/legal/resolved.html#category-x).
   
   ### Tests
   
   - [ ] Tests all pass with upgrade of jackson to 2.13.2
   
   ### Commits
   
   - [ ] My commits all reference Jira issues in their subject lines. In 
addition, my commits follow the guidelines from "[How to write a good git 
commit message](http://chris.beams.io/posts/git-commit/)":
     1. Subject is separated from body by a blank line
     1. Subject is limited to 50 characters (not including Jira issue reference)
     1. Subject does not end with a period
     1. Subject uses the imperative mood ("add", not "adding")
     1. Body wraps at 72 characters
     1. Body explains "what" and "why", not "how"
   
   ### Documentation
   
   - [ ] No new functionality
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


> Security risk in latest parquet-jackson-1.12.2.jar
> --------------------------------------------------
>
>                 Key: PARQUET-2127
>                 URL: https://issues.apache.org/jira/browse/PARQUET-2127
>             Project: Parquet
>          Issue Type: Improvement
>            Reporter: phoebe chen
>            Priority: Major
>
> Embed jackson-databind:2.11.4 has security risk of Possible DoS if using JDK 
> serialization to serialize JsonNode 
> ([https://github.com/FasterXML/jackson-databind/issues/3328] ), upgrade to 
> 2.13.1 can fix this.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to