[
https://issues.apache.org/jira/browse/HIVE-22030?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16921364#comment-16921364
]
Robert Schaft commented on HIVE-22030:
--------------------------------------
Even jackson 2.9.9.1 has vulnerabilites:
[CVE-2019-14439|https://www.cvedetails.com/cve/CVE-2019-14439/] and
[CVE-2019-14379|https://www.cvedetails.com/cve/CVE-2019-14379/]
You need to bump to at least version 2.9.9.2. Newest ist 2.9.9.3
> Bumping jackson version to 2.9.9 and 2.9.9.1 (jackson-databind)
> ---------------------------------------------------------------
>
> Key: HIVE-22030
> URL: https://issues.apache.org/jira/browse/HIVE-22030
> Project: Hive
> Issue Type: Task
> Reporter: Dombi Akos
> Assignee: Dombi Akos
> Priority: Major
> Fix For: 4.0.0
>
>
> Bump the following jackson versions:
> - jackson version to 2.9.9
> - jackson-databind version to 2.9.9.1
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
