You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Nicholas Marion (Jira)" <ji...@apache.org> on 2020/12/07 23:25:00 UTC

[jira] [Created] (SPARK-33695) Bump Jackson to 2.10.5 and databind to 2.10.5.1

Nicholas Marion created SPARK-33695:
---------------------------------------

             Summary: Bump Jackson to 2.10.5 and databind to 2.10.5.1
                 Key: SPARK-33695
                 URL: https://issues.apache.org/jira/browse/SPARK-33695
             Project: Spark
          Issue Type: Dependency upgrade
          Components: Build
    Affects Versions: 3.0.1, 2.4.7
            Reporter: Nicholas Marion


Jackson reported a vulnerability under CVE-2020-25649. The version pulled in Spark currently is 2.10.0. Upgrading to either 2.10.5.1 will resolve problem.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org