You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@arrow.apache.org by "Wes McKinney (JIRA)" <ji...@apache.org> on 2017/08/08 02:55:00 UTC
[jira] [Updated] (ARROW-1242) [Java] security - upgrade Jackson to
mitigate 3 CVE vulnerabilities
[ https://issues.apache.org/jira/browse/ARROW-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wes McKinney updated ARROW-1242:
--------------------------------
Fix Version/s: (was: 0.6.0)
0.7.0
> [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities
> -------------------------------------------------------------------
>
> Key: ARROW-1242
> URL: https://issues.apache.org/jira/browse/ARROW-1242
> Project: Apache Arrow
> Issue Type: Bug
> Components: Java - Memory, Java - Vectors
> Affects Versions: 0.4.1
> Reporter: Matt Darwin
> Fix For: 0.7.0
>
>
> please consider upgrading jackson to mitigate its various vulnerabilities in 2.7.1:
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson
> see also
> https://github.com/FasterXML/jackson-databind/issues/1599
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)