You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@parquet.apache.org by sh...@apache.org on 2022/12/03 18:39:02 UTC

[parquet-mr] branch master updated: PARQUET-2198 : Updating jackson data bind version to fix CVEs (#1005)

This is an automated email from the ASF dual-hosted git repository.

shangxinli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/parquet-mr.git


The following commit(s) were added to refs/heads/master by this push:
     new 8206384a0 PARQUET-2198 : Updating jackson data bind version to fix CVEs (#1005)
8206384a0 is described below

commit 8206384a0b0ac66fdca689b0d3ff4fbd81e8b718
Author: Avinash <52...@users.noreply.github.com>
AuthorDate: Sun Dec 4 00:08:57 2022 +0530

    PARQUET-2198 : Updating jackson data bind version to fix CVEs (#1005)
    
    * Updating jackson data bind version to fix CVEs
    
    Fixes  CVE-2022-42003 and  CVE-2022-42004
    
    * Update pom.xml
    
    updated jackson version to 2.13.4
    
    Co-authored-by: František Hartman <fr...@gmail.com>
    
    Co-authored-by: František Hartman <fr...@gmail.com>
---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 64e70d403..779e09b0d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -73,8 +73,8 @@
     <jackson.groupId>com.fasterxml.jackson.core</jackson.groupId>
     <jackson.datatype.groupId>com.fasterxml.jackson.datatype</jackson.datatype.groupId>
     <jackson.package>com.fasterxml.jackson</jackson.package>
-    <jackson.version>2.13.2</jackson.version>
-    <jackson-databind.version>2.13.2.2</jackson-databind.version>
+    <jackson.version>2.13.4</jackson.version>
+    <jackson-databind.version>2.13.4.2</jackson-databind.version>
     <japicmp.version>0.14.2</japicmp.version>
     <shade.prefix>shaded.parquet</shade.prefix>
     <hadoop.version>3.2.3</hadoop.version>