[jira] [Commented] (FLINK-27293) CVE-2020-36518 in flink-shaded jackson

Tue, 19 Apr 2022 00:04:11 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-27293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17524123#comment-17524123
 ] 

Martijn Visser commented on FLINK-27293:
----------------------------------------

[~chesnay] WDYT?

> CVE-2020-36518 in flink-shaded jackson
> --------------------------------------
>
>                 Key: FLINK-27293
>                 URL: https://issues.apache.org/jira/browse/FLINK-27293
>             Project: Flink
>          Issue Type: Technical Debt
>          Components: BuildSystem / Shaded
>            Reporter: Spencer Deehring
>            Priority: Blocker
>              Labels: pull-request-available
>
> jackson-databind contains a CVE and is pulled in via jackson-bom located 
> here: 
> [https://github.com/apache/flink-shaded/blob/master/flink-shaded-jackson-parent/pom.xml#L38]
> This needs to be updated to versionĀ 
> {code:java}
> 2.12.6.20220326{code}
> as noted here: 
> [https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12#micro-patches]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to