The PR of bumping Jackson to 2.9.6 gives some examples of the behavioral changes that Sean is referring to: https://github.com/apache/spark/pull/21596
Cheers, Fokko Driesprong Op vr 28 jun. 2019 om 14:13 schreef Sean Owen <sro...@gmail.com>: > https://github.com/apache/spark/blob/branch-2.4/pom.xml#L161 > Correct, because it would introduce behavior changes. > > On Fri, Jun 28, 2019 at 3:54 AM Pavithra R <pavithr...@huawei.com> wrote: > >> In spark master branch, the version of Jackson jars have been upgraded to >> 2.9.9 >> >> >> https://github.com/apache/spark/commit/bd8732300385ad99d2cec3a4af49953d8925eaf6 >> >> >> >> *[SPARK-27757][CORE] Bump Jackson to 2.9.9 – * >> >> >> >> This has been done to address CVE-2019-12086. >> >> >> >> Could you confirm why Jackson jars are not upgraded in older branches >> like 2.3 etc? >> >> >> >> Thanks, >> >> Pavithra R >> >> >> >> Huawei Technologies India Pvt. Ltd. >> >> Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield >> >> Bengaluru-560066, Karnataka >> >> Tel: + 91-80-49160700 Ext 72060II Mob: 9790706742 Email: >> pavithr...@huawei.com >> >> [image: Company_logo] >> ------------------------------ >> >> >> >> This e-mail and its attachments contain confidential information from >> HUAWEI, which >> is intended only for the person or entity whose address is listed above. >> Any use of the >> information contained herein in any way (including, but not limited to, >> total or partial >> disclosure, reproduction, or dissemination) by persons other than the >> intended >> recipient(s) is prohibited. If you receive this e-mail in error, please >> notify the sender by >> phone or email immediately and delete it! >> >> >> >> >> >