ScrapCodes commented on pull request #29334:
URL: https://github.com/apache/spark/pull/29334#issuecomment-675342591


   Is it difficult to suggest upgrading to a maintained version of a library 
which has otherwise got so many security vulnerabilities? Even if those 
security vulnerabilities have no impact, at least one could save himself from 
the swarm of alerts generated by so-called "security analysing" software.
   
   The currently used version (2.6) has not been released since 2017, except a 
micro release (in 2019) that fixed only the known CVEs at that point.
   
   Lastly, the change required to upgrade to the latest jackson is just 
(s/NON_NULL/NON_ABSENT); can we make it simpler for our client application to 
upgrade?
   
    


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
