[FLINK-14104] Bump Jackson to 2.10.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: shaded-7.0, shaded-8.0
Fix Version/s: shaded-9.0, 1.8.3, 1.9.2, 1.10.0
Component/s: BuildSystem / Shaded
Labels:
- pull-request-available

Description

Our current Jackson version (2.9.8) is vulnerable for at least this CVE:
https://nvd.nist.gov/vuln/detail/CVE-2019-14379

Bumping to 2.9.9.3 should solve it.
See https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9

Attachments

Issue Links

links to

GitHub Pull Request #72

GitHub Pull Request #10189

GitHub Pull Request #10220

GitHub Pull Request #10221

GitHub Pull Request #10302

GitHub Pull Request #10303

GitHub Pull Request #10363

(2 links to)

Activity

People

Assignee:: Nico Kruber

Reporter:: Nico Kruber

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/Sep/19 12:44

Updated:: 05/Dec/19 10:02

Resolved:: 21/Nov/19 15:34

Time Tracking

Estimated:

Not Specified

Remaining:

0h

Logged:

2h 20m