[ 
https://issues.apache.org/jira/browse/CALCITE-5030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17510147#comment-17510147
 ] 

Julian Hyde commented on CALCITE-5030:
--------------------------------------

Note that this issue fixes 
[CVE-2021-27568|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568] 
("An issue was discovered in netplex json-smart-v1 through 2015-10-23 and 
json-smart-v2 through 2.4. An exception is thrown from a function, but it is 
not caught, as demonstrated by NumberFormatException. When it is not caught, it 
may cause programs using the library to crash or expose sensitive 
information.") by upgrading jsonpath to a version that does not depend on a 
compromised version of the json-smart library.

> Upgrade jsonpath version from 2.4.0 to 2.7.0
> --------------------------------------------
>
>                 Key: CALCITE-5030
>                 URL: https://issues.apache.org/jira/browse/CALCITE-5030
>             Project: Calcite
>          Issue Type: Task
>          Components: core
>            Reporter: Stamatis Zampetakis
>            Assignee: Stamatis Zampetakis
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.30.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)
