Fokko commented on pull request #29334: URL: https://github.com/apache/spark/pull/29334#issuecomment-676599669
Sorry for being late, kinda busy the last few weeks. If we decide to shade Jackson, we must be very careful that it isn't part of any public APIs. As mentioned before, not all the alerts generated by Jackson, are vulnerabilities to Spark, since many of them are code paths that aren't used by Spark. I'm mostly with Sean and would like to encourage users to move to 3.0. I've checked and there aren't many follow up PR's that patch issues caused by the Jackson update, so maybe we're making this bigger than it is. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
