[
https://issues.apache.org/jira/browse/NIFI-9952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17527181#comment-17527181
]
ASF subversion and git services commented on NIFI-9952:
-------------------------------------------------------
Commit 4f423a59ba6ef40cbed8dda225c6cbba7bc94dc6 in nifi's branch
refs/heads/dependabot/maven/nifi-nar-bundles/nifi-standard-services/nifi-hbase_1_1_2-client-service-bundle/org.apache.hadoop-hadoop-common-3.2.3
from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=4f423a59ba ]
NIFI-9952 Upgraded Jackson BOM to 2.13.2.20220328
- Removed unnecessary references to jackson.version property
- Removed unnecessary dependency management references to Jackson libraries
This closes #5992
Signed-off-by: Mike Thomsen <[email protected]>
> Upgrade Jackson to 2.13.2.2 using BOM
> -------------------------------------
>
> Key: NIFI-9952
> URL: https://issues.apache.org/jira/browse/NIFI-9952
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Jason-Morries Adam
> Assignee: David Handermann
> Priority: Major
> Fix For: 1.17.0, 1.16.1
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Jackson should be upgraded to 2.13.2.2 due to the following CVE:
> [CVE-2020-36518|https://github.com/advisories/GHSA-57j2-w4cx-62h2]
> (Link: https://github.com/advisories/GHSA-57j2-w4cx-62h2)
>
> You can find the newest versions of jackson at
> https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
