HBASE-23227

Upgrade jackson-databind to 2.9.10.1 to avoid recent CVEs


Details


      The Apache HBase REST Proxy now uses Jackson Databind version 2.9.10.1 to address the following CVEs:

        - CVE-2019-16942
        - CVE-2019-16943

      Users of prior releases with Jackson Databind 2.9.10 are advised to either upgrade to this release or to upgrade their local Jackson Databind jar directly.

    Description

      Several net new CVEs were raised against jackson-databind 2.9.10.

      CVE-2019-16942
      CVE-2019-16943

      2.9.10.1 is released, which I believe addresses these two CVEs.


            People

              weichiu Wei-Chiu Chuang