[
https://issues.apache.org/jira/browse/HDDS-2139?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16931283#comment-16931283
]
Steve Loughran commented on HDDS-2139:
--------------------------------------
We've been discussing removing databind altogether if we can because its
ability to deserialize into objects makes it a CVE factory. How much use does
Ozone make of it?
> Update BeanUtils and Jackson Databind dependency versions
> ---------------------------------------------------------
>
> Key: HDDS-2139
> URL: https://issues.apache.org/jira/browse/HDDS-2139
> Project: Hadoop Distributed Data Store
> Issue Type: Bug
> Reporter: Hanisha Koneru
> Assignee: Hanisha Koneru
> Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The following Ozone dependencies have known security vulnerabilities. We
> should update them to newer/latest versions.
> * Apache Commons BeanUtils version 1.9.3
> * FasterXML Jackson version 2.9.5