Hello, I work for Salesforce and we use Secor <https://github.com/pinterest/secor> for Pinterest for data ingestion.
Secor uses parquet-hadoop <https://github.com/pinterest/secor/blob/master/pom.xml#L266> dependency which has Apache Parquet Jackson as one of its dependencies. Apache Parquet Jackson jar has com.fasterxml.jackson.core_jackson-databind one of its dependencies. Latest Apache Parquet Jackson jar uses 2.13.2.2 version of com.fasterxml.jackson.core_jackson-databind. *This version has security vulnerabilities* CVE-2022-42004 <https://nvd.nist.gov/vuln/detail/CVE-2022-42004> (Fixed in 2.13.4) and CVE-2022-42003 <https://nvd.nist.gov/vuln/detail/CVE-2022-42003> (Fixed in 2.14.0) *I wanted to check what is the next expected release date for Apache Parquet Jackson jar which will have updated version of com.fasterxml.jackson.core_jackson-databind jar * Looking forward to hearing from you soon Thanks, Shrushti