[ 
https://issues.apache.org/jira/browse/PARQUET-2198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17681230#comment-17681230
 ] 

Brais Couce commented on PARQUET-2198:
--------------------------------------

Do you have an ETA? If this is not the correct place, I'm sorry, but it is 
important to release a version with these changes because in the corporate 
world many companies have policies that do not allow to use software with 
libraries detected in the security analysis with vulnerabilities categorized 
with high severity.

> Vulnerabilities in jackson-databind
> -----------------------------------
>
>                 Key: PARQUET-2198
>                 URL: https://issues.apache.org/jira/browse/PARQUET-2198
>             Project: Parquet
>          Issue Type: Bug
>    Affects Versions: 1.12.3
>            Reporter: Łukasz Dziedziul
>            Priority: Major
>              Labels: jackson-databind, security, vulnerabilities
>
> Update jackson-databind to mitigate CVEs:
>  * [CVE-2022-42003|https://github.com/advisories/GHSA-jjjh-jjxp-wpff] - 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42003]
>  * [CVE-2022-42004|https://github.com/advisories/GHSA-rgv9-q543-rqg4] - 
> [https://nvd.nist.gov/vuln/detail/CVE-2022-42004 (fixed in  
> 2.13.4)|https://nvd.nist.gov/vuln/detail/CVE-2022-42004]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to