Uploaded image for project: 'Parquet'
  1. Parquet
  2. PARQUET-2127

Security risk in latest parquet-jackson-1.12.2.jar

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • 1.12.3
    • None
    • None

    Description

      Embed jackson-databind:2.11.4 has security risk of Possible DoS if using JDK serialization to serialize JsonNode (https://github.com/FasterXML/jackson-databind/issues/3328 ), upgrade to 2.13.1 can fix this.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              phoebemaomao phoebe chen
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: