Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-16675

Upgrade jackson-databind to 2.9.10.1

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.0, 3.2.2
    • Component/s: security
    • Labels:
      None

      Description

      Several net new CVEs were raised against jackson-databind 2.9.10.

      CVE-2019-16942
      CVE-2019-16943

      2.9.10.1 is released, which I believe addresses these two CVEs.

        Attachments

        Issue Links

          Activity

          $i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users
          Cancel

            People

            • Assignee:
              leosun08 Lisheng Sun Assign to me
              Reporter:
              weichiu Wei-Chiu Chuang

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment