New RCE found in jackson-databind 2.0.0 through 22.214.171.124.
Patched in 126.96.36.199. Looks critical.
HADOOP-16882 get in we should backport this to those lower-version branches ASAP.
- is duplicated by
HADOOP-16883 update jackon-databind version
- is related to
HADOOP-16485 Remove dependency on jackson
- links to