[ https://issues.apache.org/jira/browse/CALCITE-5115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17528420#comment-17528420 ]

Julian Hyde commented on CALCITE-5115:
--------------------------------------
As far as I know, you can upgrade libraries such as jackson-databind by setting
the version in your runtime Maven configuration. This will override the default
version from Calcite. Jackson-databind uses semantic versioning so you should
be able to substitute any later minor version.

> upgrade jackson-databind due to CVE-2020-36518
> ----------------------------------------------
>
> Key: CALCITE-5115
> URL: https://issues.apache.org/jira/browse/CALCITE-5115
> Project: Calcite
> Issue Type: Bug
> Components: core
> Affects Versions: 1.30.0
> Reporter: Florian Brams
> Assignee: Julian Hyde
> Priority: Major
> Fix For: 1.31.0
>
>
> [https://nvd.nist.gov/vuln/detail/CVE-2020-36518]
> required version: 2.12.6.1, 2.13.2.1 or greater
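
The override described in the comment above, as an added example (not from the Calcite project or the commenter): a fragment for the pom.xml of an application that depends on Calcite, assuming that application is built with Maven. The enforcer rule goes beyond the comment; it fails the build if a jackson-databind version below the fixed versions listed in the issue is still resolved.

```xml
<!-- Added example: goes inside <project> in the consuming application's pom.xml. -->
<dependencyManagement>
  <dependencies>
    <!-- Pins the jackson-databind that arrives transitively via Calcite.
         2.13.2.1 is one of the fixed versions listed in the issue.
         If jackson-core / jackson-annotations resolve to an older minor line,
         pin them to the matching minor in the same way. -->
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>2.13.2.1</version>
    </dependency>
  </dependencies>
</dependencyManagement>

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <version>3.0.0</version>
      <executions>
        <execution>
          <!-- Execution id is a name chosen for this example. -->
          <id>ban-vulnerable-jackson-databind</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <bannedDependencies>
                <excludes>
                  <!-- Below 2.12.6.1, and the 2.13 line below 2.13.2.1 -->
                  <exclude>com.fasterxml.jackson.core:jackson-databind:(,2.12.6.1)</exclude>
                  <exclude>com.fasterxml.jackson.core:jackson-databind:[2.13.0,2.13.2.1)</exclude>
                </excludes>
              </bannedDependencies>
            </rules>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Running `mvn dependency:tree -Dincludes=com.fasterxml.jackson.core:jackson-databind` shows which version is actually resolved after the override.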