[HADOOP-16675] Upgrade jackson-databind to 2.9.10.1 - ASF JIRA

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.3.0, 3.2.2
Component/s: security
Labels:
None

Description

Several net new CVEs were raised against jackson-databind 2.9.10.

CVE-2019-16942
CVE-2019-16943

2.9.10.1 is released, which I believe addresses these two CVEs.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

HADOOP-16675.001.patch
29/Oct/19 12:18
0.9 kB
Lisheng Sun

Add Link

Issue Links

is related to

HADOOP-16803 Upgrade jackson-databind to 2.9.10.2

Resolved

Delete this link

Activity

Comment

$i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users

Cancel

People

Assignee:

Lisheng Sun

Reporter:

Wei-Chiu Chuang

Votes:

0 Vote for this issue

Watchers:

6 Start watching this issue

Dates

Created:

29/Oct/19 11:31

Updated:

15/Jan/20 06:20

Resolved:

29/Oct/19 20:38

Agile

View on Board

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Issue deployment