[
https://issues.apache.org/jira/browse/FLINK-22602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Flink Jira Bot updated FLINK-22602:
-----------------------------------
Labels: auto-deprioritized-major pull-request-available (was:
pull-request-available stale-major)
Priority: Minor (was: Major)
This issue was labeled "stale-major" 7 days ago and has not received any
updates so it is being deprioritized. If this ticket is actually Major, please
raise the priority and ask a committer to assign you the issue or revive the
public discussion.
> Upgrade parquet to 1.12.0 due to CVEs
> -------------------------------------
>
> Key: FLINK-22602
> URL: https://issues.apache.org/jira/browse/FLINK-22602
> Project: Flink
> Issue Type: Bug
> Components: Formats (JSON, Avro, Parquet, ORC, SequenceFile)
> Affects Versions: 1.13.0, 1.12.3, 1.13.1
> Reporter: Bo Cui
> Priority: Minor
> Labels: auto-deprioritized-major, pull-request-available
>
> We scanned jackson-databind&core for some vulnerabilities
> (CVE-2020-24616/CVE-2021-20190/CVE-2020-36184/CVE-2020-36183/CVE-2020-9546...).
> Apache Parquet depends on them, so we upgraded parquet to version 1.12.0.
>
> parquet code
> link:https://github.com/apache/parquet-mr/blob/db75a6815f2ba1d1ee89d1a90aeb296f1f3a8f20/pom.xml#L78
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
