[
https://issues.apache.org/jira/browse/SPARK-20433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16105951#comment-16105951
]
Andrew Ash commented on SPARK-20433:
As I wrote in that PR, it's 2.6.7.1 of jackson-databind that has
[
https://issues.apache.org/jira/browse/SPARK-20433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16105792#comment-16105792
]
Sean Owen commented on SPARK-20433:
---
You updated to 2.6.7 but indicated above that's still vulnerable.
[
https://issues.apache.org/jira/browse/SPARK-20433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16105751#comment-16105751
]
Andrew Ash commented on SPARK-20433:
Here's the patch I put in my fork of Spark:
[
https://issues.apache.org/jira/browse/SPARK-20433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16004417#comment-16004417
]
David Hodeffi commented on SPARK-20433:
---
Did you upgrade json4s? since 3.2.1 is not compatible with
[
https://issues.apache.org/jira/browse/SPARK-20433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15994660#comment-15994660
]
Hyukjin Kwon commented on SPARK-20433:
--
[~aash], What do you think about resolving this for now and
[
https://issues.apache.org/jira/browse/SPARK-20433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15979630#comment-15979630
]
Andrew Ash commented on SPARK-20433:
It's unclear if Spark is affected, I wanted to open this ticket
[
https://issues.apache.org/jira/browse/SPARK-20433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15979227#comment-15979227
]
Sean Owen commented on SPARK-20433:
---
Do we know if it even affects Spark? It sounds like another
