[ https://issues.apache.org/jira/browse/HDFS-15741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17252955#comment-17252955 ]
Wei-Chiu Chuang commented on HDFS-15741:
----------------------------------------

According to https://github.com/FasterXML/jackson-databind/issues/2589, fix is included in
{quote}
2.6.7.4
2.9.10.7
2.10.5.1
2.11.0 and later
{quote}

The htrace -- we'll have to remove that dependency.

CC [~smeng]

> Vulnerability fixes needed for Jackson Hadoop dependency library
> -----------------------------------------------------------------
>
>                 Key: HDFS-15741
>                 URL: https://issues.apache.org/jira/browse/HDFS-15741
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.1.1
>            Reporter: Souryakanta Dwivedy
>            Priority: Minor
>         Attachments: CVEs_found.png
>
>
> Vulnerability fixes needed for Jackson Hadoop dependency library
> Below are the Jackson library jars used for hadoop where CVEs are found
> Jackson [version 2.10.3 ]
>  - jackson-core-2.10.3.jar
> CVE details :- [ CVE-2020-25649 ]
> ======================
> Jackson-core [version 2.4.0 ]
>  - htrace-core-3.1.0-incubating.jar
> CVE details :- [ CVE-2020-24616 ]
> ================ =====
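A check built on the fixed-release list quoted in the comment above, as an added example that is not part of the original message or of Hadoop's code: it classifies jackson-databind jar versions per release line. Reading the list as jackson-databind versions (the linked issue is in that repository), the jar naming pattern and the sample listing are assumptions made for illustration.

```python
import re

# Fixed releases quoted in the comment above (jackson-databind issue 2589).
MIN_FIXED = {(2, 6): (2, 6, 7, 4), (2, 9): (2, 9, 10, 7), (2, 10): (2, 10, 5, 1)}
FIRST_FIXED_LINE = (2, 11)  # "2.11.0 and later"

# Assumption: jars follow the Maven naming jackson-databind-<version>.jar.
JAR_RE = re.compile(r"^jackson-databind-(\d+(?:\.\d+)+)\.jar$")


def parse_version(text):
    """Turn '2.9.10.7' into (2, 9, 10, 7) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'fixed', 'upgrade to X', or 'no fixed release on this line'."""
    version = parse_version(version_text)
    line = version[:2]
    if line >= FIRST_FIXED_LINE:
        return "fixed"
    minimum = MIN_FIXED.get(line)
    if minimum is None:
        # Lines such as 2.4.x have no patched release in the quoted list.
        return "no fixed release on this line"
    if version >= minimum:
        return "fixed"
    return "upgrade to " + ".".join(map(str, minimum))


def audit(jar_names):
    """Map each jackson-databind jar name to its status; skip other files."""
    report = {}
    for name in jar_names:
        match = JAR_RE.match(name)
        if match:
            report[name] = classify(match.group(1))
    return report


# Constructed sample listing of a lib directory (not taken from the issue).
SAMPLE_JARS = [
    "jackson-databind-2.10.3.jar", "jackson-databind-2.9.10.7.jar",
    "jackson-databind-2.4.0.jar", "jackson-databind-2.11.0.jar",
    "jackson-core-2.10.3.jar", "htrace-core-3.1.0-incubating.jar",
]

if __name__ == "__main__":
    for jar, status in audit(SAMPLE_JARS).items():
        print(f"{jar}: {status}")
```

A filename check like this does not see Jackson copies bundled inside other jars, such as the one the issue reports in htrace-core-3.1.0-incubating.jar, which is why that dependency has to be handled separately.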