You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Yang Jie (Jira)" <ji...@apache.org> on 2022/10/13 05:52:00 UTC

[jira] [Updated] (SPARK-40782) Upgrade Jackson-databind to 2.13.4.1

     [ https://issues.apache.org/jira/browse/SPARK-40782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yang Jie updated SPARK-40782:
-----------------------------
    Summary: Upgrade Jackson-databind to 2.13.4.1  (was: Upgrade Jackson to 2.13.4.1)

> Upgrade Jackson-databind to 2.13.4.1
> ------------------------------------
>
>                 Key: SPARK-40782
>                 URL: https://issues.apache.org/jira/browse/SPARK-40782
>             Project: Spark
>          Issue Type: Improvement
>          Components: Build
>    Affects Versions: 3.4.0
>            Reporter: Yang Jie
>            Priority: Major
>
> #3590: Add check in primitive value deserializers to avoid deep wrapper array
>   nesting wrt `UNWRAP_SINGLE_VALUE_ARRAYS` [CVE-2022-42003]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org