[ https://issues.apache.org/jira/browse/SPARK-29226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dongjoon Hyun resolved SPARK-29226. ----------------------------------- Fix Version/s: 3.0.0 Resolution: Fixed Issue resolved by pull request 25912 [https://github.com/apache/spark/pull/25912] > Upgrade jackson-databind to 2.9.10 and fix vulnerabilities. > ----------------------------------------------------------- > > Key: SPARK-29226 > URL: https://issues.apache.org/jira/browse/SPARK-29226 > Project: Spark > Issue Type: Dependency upgrade > Components: Build > Affects Versions: 3.0.0 > Reporter: jiaan.geng > Assignee: jiaan.geng > Priority: Major > Fix For: 3.0.0 > > > The current code uses com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.3 > and it will cause a security vulnerabilities. We could get some security info > fromĀ https://www.tenable.com/cve/CVE-2019-16335 > This reference remind to upgrate the version of `jackson-databind` to 2.9.10 > or later. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org