[HADOOP-17094] vulnerabilities reported in jackson and jackson-databind in branch-2.10 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.10.0, 2.10.1
Fix Version/s: 2.10.1
Component/s: None
Labels:
None

Target Version/s:

2.10.1
Hadoop Flags:

Reviewed

Description

There are known vulnerabilities in the com.fasterxml.jackson.core:jackson-databind package [,2.9.10.5).

List of vulnerabilities.

Upgrading jackson and jackson-databind to 2.10 should get rid of those vulnerabilities.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-17094-branch-2.10.001.patch
25/Jun/20 18:40
0.5 kB
Ahmed Hussein

Activity

People

Assignee:: Ahmed Hussein

Reporter:: Ahmed Hussein

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 25/Jun/20 17:24

Updated:: 30/Jun/20 04:30

Resolved:: 30/Jun/20 03:21