[jira] [Commented] (SPARK-40666) Upgrade FasterXML jackson-databind to 2.14

PJ Fanning (Jira) Tue, 25 Oct 2022 05:33:05 -0700


    [ 
https://issues.apache.org/jira/browse/SPARK-40666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623810#comment-17623810
 ]


PJ Fanning commented on SPARK-40666:
------------------------------------

The recent CVEs are fixed in Jackson 2.13.4.2 and Spark trunk branch uses that 
version. Can this be closed?

> Upgrade FasterXML jackson-databind to 2.14
> ------------------------------------------
>
>                 Key: SPARK-40666
>                 URL: https://issues.apache.org/jira/browse/SPARK-40666
>             Project: Spark
>          Issue Type: Dependency upgrade
>          Components: Build
>    Affects Versions: 3.4.0
>            Reporter: Bjørn Jørgensen
>            Priority: Major
>
> [CVE-2022-42003|https://nvd.nist.gov/vuln/detail/CVE-2022-42003]
> [Github|https://github.com/FasterXML/jackson-databind/issues/3590]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (SPARK-40666) Upgrade FasterXML jackson-databind to 2.14

Reply via email to