[jira] [Commented] (FLINK-22602) Upgrade parquet to 1.12.0 due to CVEs

Till Rohrmann (Jira) Mon, 10 Jan 2022 01:32:17 -0800


    [ 
https://issues.apache.org/jira/browse/FLINK-22602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17471795#comment-17471795
 ]


Till Rohrmann commented on FLINK-22602:
---------------------------------------

Should we upgrade to 1.12.2?

cc [~MartijnVisser] and [~fpaul]

> Upgrade parquet to 1.12.0 due to CVEs
> -------------------------------------
>
>                 Key: FLINK-22602
>                 URL: https://issues.apache.org/jira/browse/FLINK-22602
>             Project: Flink
>          Issue Type: Bug
>          Components: Formats (JSON, Avro, Parquet, ORC, SequenceFile)
>    Affects Versions: 1.13.0, 1.12.3, 1.13.1
>            Reporter: Bo Cui
>            Priority: Critical
>              Labels: auto-deprioritized-major, pull-request-available
>
> We scanned jackson-databind&core for some vulnerabilities 
> (CVE-2020-24616/CVE-2021-20190/CVE-2020-36184/CVE-2020-36183/CVE-2020-9546...).
>  Apache Parquet depends on them, so we upgraded parquet to version 1.12.0.
>  
> parquet code 
> link：https://github.com/apache/parquet-mr/blob/db75a6815f2ba1d1ee89d1a90aeb296f1f3a8f20/pom.xml#L78



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (FLINK-22602) Upgrade parquet to 1.12.0 due to CVEs

Reply via email to