[FLINK-29638] Update jackson bom because of CVE-2022-42003 - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Technical Debt
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.16.0, 1.17.0, 1.15.2
Fix Version/s: 1.16.0, 1.17.0, 1.15.3
Component/s: None
Labels:
- pull-request-available

Description

There is a CVE-2022-42003 fixed in 2.13.4.1 and 2.14.0-rc1
https://nvd.nist.gov/vuln/detail/CVE-2022-42003

P.S. It seems there will not be 2.14.0 release until end of October according to https://github.com/FasterXML/jackson-databind/issues/3590#issuecomment-1270363915

Attachments

Issue Links

Add Link

is related to

FLINK-29468 Update jackson-bom to 2.13.4

Resolved

Delete this link

links to

GitHub Pull Request #21064

Delete this link

GitHub Pull Request #21106

Delete this link

GitHub Pull Request #21107

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Sergey Nuyanzin

Reporter:: Sergey Nuyanzin

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/Oct/22 08:17

Updated:: 20/Oct/22 05:22

Resolved:: 19/Oct/22 19:29

Agile

View on Board

Update jackson bom because of CVE-2022-42003

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment