Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
Impala 4.2.0
-
None
-
ghx-label-1
Description
Jackson-databind has CVE-2020-36518 that is fixed in version 2.12.6.1 or above. We should upgrade our version listed here:
https://github.com/apache/impala/blob/master/java/pom.xml#L67
<jackson-databind.version>2.10.5.1</jackson-databind.version>