Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-21020

Bump Jackson to 2.10.5[.1] / 2.12.1

    XMLWordPrintableJSON

Details

    Description

      Our current Jackson version (2.10.1) is vulnerable for at least this CVE:
      https://nvd.nist.gov/vuln/detail/CVE-2020-25649

      Bump it to 2.10.5.1+ should address this issue.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. FLINK-21544 Upgrade Jackson databind version from 2.10.1 used in, at least, Flink Python jar

          • Major - Major loss of function.
          • Closed
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. FLINK-21152 Bump flink-shaded to 13.0

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          links to

          Web Link GitHub Pull Request #93

          Web Link GitHub Pull Request #14717

          Web Link GitHub Pull Request #14745

          Web Link GitHub Pull Request #14746

          Activity

            People

              hxbks2ks Huang Xingbo
              dian.fu Dian Fu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: