Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16675

Upgrade jackson-databind to 2.9.10.1

    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.0, 3.2.2
    • Component/s: security
    • Labels:
      None

      Description

      Several net new CVEs were raised against jackson-databind 2.9.10.

      CVE-2019-16942
      CVE-2019-16943

      2.9.10.1 is released, which I believe addresses these two CVEs.

        Attachments

        1. HADOOP-16675.001.patch
          0.9 kB
          Lisheng Sun

          Issue Links

            Activity

              People

              • Assignee:
                leosun08 Lisheng Sun
                Reporter:
                weichiu Wei-Chiu Chuang
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: