[SPARK-29226] Upgrade jackson-databind to 2.9.10 and fix vulnerabilities. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0
Fix Version/s: 3.0.0
Component/s: Build
Labels:
None

Description

The current code uses com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.3 and it will cause a security vulnerabilities. We could get some security info from https://www.tenable.com/cve/CVE-2019-16335

This reference remind to upgrate the version of `jackson-databind` to 2.9.10 or later.

Attachments

Issue Links

is related to

SPARK-29483 Bump Jackson to 2.10.0

Resolved

links to

GitHub Pull Request #25912

Activity

People

Assignee:: Jiaan Geng

Reporter:: Jiaan Geng

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 24/Sep/19 07:43

Updated:: 23/Jun/20 05:01

Resolved:: 25/Sep/19 05:05