[
https://issues.apache.org/jira/browse/FLINK-27293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Flink Jira Bot updated FLINK-27293:
-----------------------------------
Labels: auto-deprioritized-major pull-request-available (was:
pull-request-available stale-major)
Priority: Minor (was: Major)
This issue was labeled "stale-major" 7 days ago and has not received any
updates so it is being deprioritized. If this ticket is actually Major, please
raise the priority and ask a committer to assign you the issue or revive the
public discussion.
> CVE-2020-36518 in flink-shaded jackson
> --------------------------------------
>
> Key: FLINK-27293
> URL: https://issues.apache.org/jira/browse/FLINK-27293
> Project: Flink
> Issue Type: Technical Debt
> Components: BuildSystem / Shaded
> Reporter: Spencer Deehring
> Priority: Minor
> Labels: auto-deprioritized-major, pull-request-available
>
> jackson-databind contains a CVE and is pulled in via jackson-bom located
> here:
> [https://github.com/apache/flink-shaded/blob/master/flink-shaded-jackson-parent/pom.xml#L38]
> This needs to be updated to versionĀ
> {code:java}
> 2.12.6.20220326{code}
> as noted here:
> [https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12#micro-patches]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
