[ https://issues.apache.org/jira/browse/FLINK-14104?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chesnay Schepler updated FLINK-14104: ------------------------------------- Fix Version/s: 1.9.2 1.8.3 1.10.0 > Bump Jackson to 2.10.1 > ---------------------- > > Key: FLINK-14104 > URL: https://issues.apache.org/jira/browse/FLINK-14104 > Project: Flink > Issue Type: Bug > Components: BuildSystem / Shaded > Affects Versions: shaded-7.0, shaded-8.0 > Reporter: Nico Kruber > Assignee: Nico Kruber > Priority: Major > Labels: pull-request-available > Fix For: 1.10.0, shaded-9.0, 1.8.3, 1.9.2 > > Time Spent: 0.5h > Remaining Estimate: 0h > > Our current Jackson version (2.9.8) is vulnerable for at least this CVE: > https://nvd.nist.gov/vuln/detail/CVE-2019-14379 > Bumping to 2.9.9.3 should solve it. > See https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9 -- This message was sent by Atlassian Jira (v8.3.4#803005)