[ https://issues.apache.org/jira/browse/PARQUET-2198?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17681230#comment-17681230 ]
Brais Couce commented on PARQUET-2198: -------------------------------------- Do you have an ETA? If this is not the correct place, I'm sorry, but it is important to release a version with these changes because in the corporate world many companies have policies that do not allow to use software with libraries detected in the security analysis with vulnerabilities categorized with high severity. > Vulnerabilities in jackson-databind > ----------------------------------- > > Key: PARQUET-2198 > URL: https://issues.apache.org/jira/browse/PARQUET-2198 > Project: Parquet > Issue Type: Bug > Affects Versions: 1.12.3 > Reporter: Łukasz Dziedziul > Priority: Major > Labels: jackson-databind, security, vulnerabilities > > Update jackson-databind to mitigate CVEs: > * [CVE-2022-42003|https://github.com/advisories/GHSA-jjjh-jjxp-wpff] - > [https://nvd.nist.gov/vuln/detail/CVE-2022-42003] > * [CVE-2022-42004|https://github.com/advisories/GHSA-rgv9-q543-rqg4] - > [https://nvd.nist.gov/vuln/detail/CVE-2022-42004 (fixed in > 2.13.4)|https://nvd.nist.gov/vuln/detail/CVE-2022-42004] -- This message was sent by Atlassian Jira (v8.20.10#820010)