[jira] [Commented] (PARQUET-2300) Update jackson-core 2.13.4 to a version without CVE PRISMA-2023-0067

Gang Wu (Jira) Mon, 22 May 2023 19:00:05 -0700


    [ 
https://issues.apache.org/jira/browse/PARQUET-2300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725153#comment-17725153
 ]


Gang Wu commented on PARQUET-2300:
----------------------------------

There is a PR to upgrade it: 
[https://github.com/apache/parquet-mr/pull/1093|https://github.com/apache/parquet-mr/pull/1093]

> Update jackson-core 2.13.4 to a version without CVE PRISMA-2023-0067
> --------------------------------------------------------------------
>
>                 Key: PARQUET-2300
>                 URL: https://issues.apache.org/jira/browse/PARQUET-2300
>             Project: Parquet
>          Issue Type: Bug
>          Components: parquet-mr
>    Affects Versions: 1.13.0
>            Reporter: Gianluca Vagnoni
>            Priority: Major
>
> The library "{*}parquet-jackson{*}" version 1.13.0 and 1.13.1 contains the 
> vulnerability PRISMA-2023-0067 
> ([https://github.com/FasterXML/jackson-core/pull/827)] 
> ([https://github.com/IBM/ibm-cos-sdk-java/issues/58)]
> Please upgrade the shaded library to jackson-core version 2.15.0 to fix it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (PARQUET-2300) Update jackson-core 2.13.4 to a version without CVE PRISMA-2023-0067

Reply via email to