[
https://issues.apache.org/jira/browse/IMPALA-14151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18018882#comment-18018882
]
Michael Smith commented on IMPALA-14151:
----------------------------------------
There have been a bunch of jackson-core releases since 2.18.1:
https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core.
Would we want to move to a newer one?
> Update jackson.core CVE
> -----------------------
>
> Key: IMPALA-14151
> URL: https://issues.apache.org/jira/browse/IMPALA-14151
> Project: IMPALA
> Issue Type: Improvement
> Reporter: Pranav Yogi Lodha
> Priority: Major
>
> Update jackson.core from 2.10.2 to 2.18.1 due to the following CVEs:
> CVE-2020-36518, CVE-2020-36517, CVE-2021-20190 CVE-2020-15250 CVE-2022-42003
> CVE-2023-35116.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
