Romain Manni-Bucau created BEAM-7881:
----------------------------------------
Summary: [CVE] Get rid of jackson or ensure it has no CVE
Key: BEAM-7881
URL: https://issues.apache.org/jira/browse/BEAM-7881
Project: Beam
Issue Type: Task
Components: sdk-java-core
Affects Versions: 2.14.0
Reporter: Romain Manni-Bucau
Jackson keeps having CVE on all releases of databind and transitively beam sdk
java core has CVE on all its releases (for the record, when writing this issue
you must use at least jackson-databind 2.9.9.2 but last week it was 2.9.9.1 and
2.14 didn't get the fix).
Can be neat to get rid of jackson which does not fix this issue for a very long
time now and just use JSON-B or another JSON impl to ensure the CVE is not
usable because beam is there.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
