You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Yang Jie (Jira)" <ji...@apache.org> on 2022/10/13 05:52:00 UTC
[jira] [Updated] (SPARK-40782) Upgrade Jackson-databind to 2.13.4.1
[ https://issues.apache.org/jira/browse/SPARK-40782?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yang Jie updated SPARK-40782:
-----------------------------
Summary: Upgrade Jackson-databind to 2.13.4.1 (was: Upgrade Jackson to 2.13.4.1)
> Upgrade Jackson-databind to 2.13.4.1
> ------------------------------------
>
> Key: SPARK-40782
> URL: https://issues.apache.org/jira/browse/SPARK-40782
> Project: Spark
> Issue Type: Improvement
> Components: Build
> Affects Versions: 3.4.0
> Reporter: Yang Jie
> Priority: Major
>
> #3590: Add check in primitive value deserializers to avoid deep wrapper array
> nesting wrt `UNWRAP_SINGLE_VALUE_ARRAYS` [CVE-2022-42003]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org