Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-27293

CVE-2020-36518 in flink-shaded jackson

    XMLWordPrintableJSON

Details

    Description

      jackson-databind contains a CVE and is pulled in via jackson-bom located here: https://github.com/apache/flink-shaded/blob/master/flink-shaded-jackson-parent/pom.xml#L38

      This needs to be updated to versionĀ 

      2.12.6.20220326

      as noted here: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12#micro-patches

      Attachments

        Issue Links

          is superceded by

          Technical Debt - FLINK-29418 Update flink-shaded dependencies

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #109

          Web Link GitHub Pull Request #110

          Activity

            People

              Unassigned Unassigned
              sdeehring Spencer Deehring
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: