[ https://issues.apache.org/jira/browse/SPARK-33695?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17248107#comment-17248107 ]
Nicholas Marion commented on SPARK-33695: ----------------------------------------- [~dongjoon] , As a security issue, would this qualify for a fix in an earlier version, such as Spark 2.4.7? If so, I can create a backport. > Bump Jackson to 2.10.5 and databind to 2.10.5.1 > ----------------------------------------------- > > Key: SPARK-33695 > URL: https://issues.apache.org/jira/browse/SPARK-33695 > Project: Spark > Issue Type: Dependency upgrade > Components: Build > Affects Versions: 2.4.7, 3.0.1 > Reporter: Nicholas Marion > Assignee: Apache Spark > Priority: Major > Fix For: 3.2.0 > > > Jackson reported a vulnerability under CVE-2020-25649. The version pulled in > Spark currently is 2.10.0. Upgrading to 2.10.5.1 will resolve problem. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org