Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-21020

Bump Jackson to 2.10.5[.1] / 2.12.1

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Our current Jackson version (2.10.1) is vulnerable for at least this CVE:
      https://nvd.nist.gov/vuln/detail/CVE-2020-25649

      Bump it to 2.10.5.1+ should address this issue.

      Attachments

        Issue Links

        is duplicated by

        Bug - A problem which impairs or prevents the functions of the product. FLINK-21544 Upgrade Jackson databind version from 2.10.1 used in, at least, Flink Python jar

        • Major - Major loss of function.
        • Closed
        relates to

        Improvement - An improvement or enhancement to an existing feature or task. FLINK-21152 Bump flink-shaded to 13.0

        • Blocker - Blocks development and/or testing work, production could not run
        • Closed
        links to

        Web Link GitHub Pull Request #93

        Web Link GitHub Pull Request #14717

        Web Link GitHub Pull Request #14745

        Web Link GitHub Pull Request #14746

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            hxbks2ks Huang Xingbo
            dian.fu Dian Fu
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment