Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Duplicate
Description
Hi everyone, in a similar manner to https://issues.apache.org/jira/browse/HADOOP-17555 I have done a Twistlock container scan and am looking at any dependencies we can upgrade to remediate any security issues that may be present.
One such contender is this:
"version": "2.10.1",
"name": "com.fasterxml.jackson.core_jackson-databind",
"path": "/opt/flink/opt/flink-python_2.11-1.11.3.jar"
and so I'm wondering if we can upgrade this version to, say, 2.10.5.1, 2.12.1, or 2.11.4? Major bug because - surely CVEs in 2.10.1; it is quite old now as well (see https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.10.1)
Issue Links
- duplicates FLINK-21020 Bump Jackson to 2.10.5[.1] / 2.12.1 (Closed)