You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@arrow.apache.org by "Matt Darwin (JIRA)" <ji...@apache.org> on 2017/07/20 13:23:00 UTC

[jira] [Created] (ARROW-1242) security - upgrade Jackson to mitigate 3 CVE vulnerabilities

Matt Darwin created ARROW-1242:
----------------------------------

             Summary: security - upgrade Jackson to mitigate 3 CVE vulnerabilities
                 Key: ARROW-1242
                 URL: https://issues.apache.org/jira/browse/ARROW-1242
             Project: Apache Arrow
          Issue Type: Bug
          Components: Java - Memory, Java - Vectors
    Affects Versions: 0.4.1
            Reporter: Matt Darwin
             Fix For: 0.5.0


please consider upgrading jackson to mitigate its various vulnerabilities in 2.7.1:
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson

see also
https://github.com/FasterXML/jackson-databind/issues/1599



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)