HBase / HBASE-23227

Upgrade jackson-databind to 2.9.10.1 to avoid recent CVEs


    Details

    • Release Note:

      The Apache HBase REST Proxy now uses Jackson Databind version 2.9.10.1 to address the following CVEs:

        - CVE-2019-16942
        - CVE-2019-16943

      Users of prior releases with Jackson Databind 2.9.10 are advised to either upgrade to this release or to upgrade their local Jackson Databind jar directly.

      Description

      Several net new CVEs were raised against jackson-databind 2.9.10.

      CVE-2019-16942
      CVE-2019-16943

      2.9.10.1 is released, which I believe addresses these two CVEs.
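
The release note advises users on Jackson Databind 2.9.10 to upgrade the local jar directly; the following added example (not part of the issue or the HBase project) lists jackson-databind jars under a directory whose file-name version is older than 2.9.10.1. The function names, the output format and the directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the HBase project): report jackson-databind jars whose
# file-name version is older than the 2.9.10.1 named in the release note.
# It compares version strings only; it does not inspect jar contents.

MIN_VERSION="2.9.10.1"   # version the release note says addresses the two CVEs

# version_lt A B: succeed when dotted numeric version A sorts strictly below B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing components count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                              # equal versions are not older
    }'
}

# jar_version PATH: print the version in a jackson-databind-<version>.jar name.
jar_version() {
    basename "$1" .jar | sed -n 's/^jackson-databind-\([0-9][0-9.]*\).*$/\1/p'
}

# scan_dir DIR: print "OUTDATED|OK <version> <path>" per jar found under DIR
# (hypothetical output format); return 1 if any jar is older than MIN_VERSION.
scan_dir() {
    report=$(find "$1" -type f -name 'jackson-databind-*.jar' | sort |
        while IFS= read -r jar; do
            v=$(jar_version "$jar")
            [ -n "$v" ] || continue
            if version_lt "$v" "$MIN_VERSION"; then
                echo "OUTDATED $v $jar"
            else
                echo "OK $v $jar"
            fi
        done)
    [ -z "$report" ] || printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q '^OUTDATED '; then return 1; fi
    return 0
}

# Usage: sh check-jackson.sh /path/to/hbase/lib   (script name and path are examples)
if [ "$#" -gt 0 ]; then scan_dir "$1"; fi
```

A non-zero exit status means at least one jar older than 2.9.10.1 was found, which makes the script usable as a gate in a deployment check.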


              People

              • Assignee:
                weichiu Wei-Chiu Chuang
                Reporter:
                weichiu Wei-Chiu Chuang
