Posted to dev@parquet.apache.org by Shrushti Patel <sh...@slack-corp.com.INVALID> on 2023/03/15 17:24:46 UTC
Apache Parquet Jackson Update
Hello,
I work for Salesforce and we use Secor <https://github.com/pinterest/secor>
for Pinterest for data ingestion.
Secor uses the parquet-hadoop
<https://github.com/pinterest/secor/blob/master/pom.xml#L266> dependency,
which has Apache Parquet Jackson as one of its dependencies.
The Apache Parquet Jackson jar has com.fasterxml.jackson.core_jackson-databind
as one of its dependencies.
The latest Apache Parquet Jackson jar uses version 2.13.2.2 of
com.fasterxml.jackson.core_jackson-databind.
*This version has security vulnerabilities* CVE-2022-42004
<https://nvd.nist.gov/vuln/detail/CVE-2022-42004> (Fixed in 2.13.4) and
CVE-2022-42003 <https://nvd.nist.gov/vuln/detail/CVE-2022-42003> (Fixed in
2.14.0).
*I wanted to check what is the next expected release date for the Apache
Parquet Jackson jar which will have an updated version of the
com.fasterxml.jackson.core_jackson-databind jar.*
Looking forward to hearing from you soon.
Thanks,
Shrushti