[HADOOP-18493] update jackson-databind 2.12.7.1 due to CVE fixes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0, 3.3.5
Fix Version/s: 3.4.0, 3.3.5
Component/s: common
Labels:
- pull-request-available

Target Version/s:

3.4.0, 3.3.5
Hadoop Flags:

Reviewed

Description

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004
both fixes have been backported (the CVEs themselves need to be updated to reflect this)
https://github.com/FasterXML/jackson-databind/pull/3622

Attachments

Issue Links

is duplicated by

HADOOP-18529 Upgrade jackson-databind to a version with fixes for CVE-2022-42003 and CVE-2022-42004

Resolved

relates to

HADOOP-18479 Update jackson-databind to mitigate CVE-2022-42003

Resolved

links to

GitHub Pull Request #5011

GitHub Pull Request #5018

Activity

People

Assignee:: PJ Fanning

Reporter:: PJ Fanning

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 13/Oct/22 08:17

Updated:: 23/Jan/24 02:49

Resolved:: 17/Oct/22 04:44