[HBASE-27423] Upgrade hbase-thirdparty to 4.1.3 and upgrade Jackson for CVE-2022-42003/42004 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.6.0, 3.0.0-alpha-4, 2.5.2, 2.4.16
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed

Description

Jackson 2.13.4 fixes CVE-2022-42003 and databind 2.14.0-rc1 fixes CVE-2022-42004.

Move jackson.version to 2.13.4.
Move jackson.databind.version to 2.14.0-rc1.

Attachments

Issue Links

is blocked by

HBASE-27470 [hbase-thirdparty] Release hbase-thirdparty 4.1.3

Resolved

links to

GitHub Pull Request #4821

GitHub Pull Request #4878

Activity

People

Assignee:: Duo Zhang

Reporter:: Andrew Kyle Purtell

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Oct/22 00:35

Updated:: 20/Nov/22 14:38

Resolved:: 17/Nov/22 14:33