You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@parquet.apache.org by "phoebe chen (Jira)" <ji...@apache.org> on 2022/02/17 20:31:00 UTC

[jira] [Created] (PARQUET-2127) Security risk in latest parquet-jackson-1.12.2.jar

phoebe chen created PARQUET-2127:
------------------------------------

             Summary: Security risk in latest parquet-jackson-1.12.2.jar
                 Key: PARQUET-2127
                 URL: https://issues.apache.org/jira/browse/PARQUET-2127
             Project: Parquet
          Issue Type: Improvement
            Reporter: phoebe chen


Embed jackson-databind:2.11.4 has security risk of Possible DoS if using JDK serialization to serialize JsonNode ([https://github.com/FasterXML/jackson-databind/issues/3328] ), upgrade to 2.13.1 can fix this.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)