You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@parquet.apache.org by sh...@apache.org on 2022/12/03 18:39:02 UTC
[parquet-mr] branch master updated: PARQUET-2198 : Updating jackson data bind version to fix CVEs (#1005)
This is an automated email from the ASF dual-hosted git repository.
shangxinli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/parquet-mr.git
The following commit(s) were added to refs/heads/master by this push:
new 8206384a0 PARQUET-2198 : Updating jackson data bind version to fix CVEs (#1005)
8206384a0 is described below
commit 8206384a0b0ac66fdca689b0d3ff4fbd81e8b718
Author: Avinash <52...@users.noreply.github.com>
AuthorDate: Sun Dec 4 00:08:57 2022 +0530
PARQUET-2198 : Updating jackson data bind version to fix CVEs (#1005)
* Updating jackson data bind version to fix CVEs
Fixes CVE-2022-42003 and CVE-2022-42004
* Update pom.xml
updated jackson version to 2.13.4
Co-authored-by: František Hartman <fr...@gmail.com>
Co-authored-by: František Hartman <fr...@gmail.com>
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 64e70d403..779e09b0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -73,8 +73,8 @@
<jackson.groupId>com.fasterxml.jackson.core</jackson.groupId>
<jackson.datatype.groupId>com.fasterxml.jackson.datatype</jackson.datatype.groupId>
<jackson.package>com.fasterxml.jackson</jackson.package>
- <jackson.version>2.13.2</jackson.version>
- <jackson-databind.version>2.13.2.2</jackson-databind.version>
+ <jackson.version>2.13.4</jackson.version>
+ <jackson-databind.version>2.13.4.2</jackson-databind.version>
<japicmp.version>0.14.2</japicmp.version>
<shade.prefix>shaded.parquet</shade.prefix>
<hadoop.version>3.2.3</hadoop.version>