[
https://issues.apache.org/jira/browse/FLINK-21544?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chesnay Schepler closed FLINK-21544.
------------------------------------
Resolution: Duplicate
> Upgrade Jackson databind version from 2.10.1 used in, at least, Flink Python
> jar
> --------------------------------------------------------------------------------
>
> Key: FLINK-21544
> URL: https://issues.apache.org/jira/browse/FLINK-21544
> Project: Flink
> Issue Type: Bug
> Reporter: Adam Roberts
> Priority: Major
>
> Hi everyone, in a similar manner to
> https://issues.apache.org/jira/browse/HADOOP-17555 I have done a Twistlock
> container scan and am looking at any dependencies we can upgrade to remediate
> any security issues that may be present.
>
> One such contender is this:
> {
>   "version": "2.10.1",
>   "name": "com.fasterxml.jackson.core_jackson-databind",
>   "path": "/opt/flink/opt/flink-python_2.11-1.11.3.jar"},
> and so I'm wondering if we can upgrade this version to, say, 2.10.5.1,
> 2.12.1, or 2.11.4? Major bug because - surely CVEs in 2.10.1; it is quite old
> now as well (see
> https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.10.1)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)