You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flink.apache.org by "Spencer Deehring (Jira)" <ji...@apache.org> on 2022/04/18 21:38:00 UTC
[jira] [Created] (FLINK-27293) CVE-2020-36518 in flink-shaded jackson
Spencer Deehring created FLINK-27293:
----------------------------------------
Summary: CVE-2020-36518 in flink-shaded jackson
Key: FLINK-27293
URL: https://issues.apache.org/jira/browse/FLINK-27293
Project: Flink
Issue Type: Technical Debt
Components: BuildSystem / Shaded
Reporter: Spencer Deehring
jackson-databind contains a CVE and is pulled in via jackson-bom located here: [https://github.com/apache/flink-shaded/blob/master/flink-shaded-jackson-parent/pom.xml#L38]
This needs to be updated to version
{code:java}
2.13.2.20220328 {code}
as noted here: [https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13#micro-patches]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)