You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@parquet.apache.org by "Gang Wu (Jira)" <ji...@apache.org> on 2023/05/23 02:00:00 UTC
[jira] [Commented] (PARQUET-2300) Update jackson-core 2.13.4 to a version without CVE PRISMA-2023-0067
[ https://issues.apache.org/jira/browse/PARQUET-2300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725153#comment-17725153 ]
Gang Wu commented on PARQUET-2300:
----------------------------------
There is a PR to upgrade it: [https://github.com/apache/parquet-mr/pull/1093|https://github.com/apache/parquet-mr/pull/1093]
> Update jackson-core 2.13.4 to a version without CVE PRISMA-2023-0067
> --------------------------------------------------------------------
>
> Key: PARQUET-2300
> URL: https://issues.apache.org/jira/browse/PARQUET-2300
> Project: Parquet
> Issue Type: Bug
> Components: parquet-mr
> Affects Versions: 1.13.0
> Reporter: Gianluca Vagnoni
> Priority: Major
>
> The library "{*}parquet-jackson{*}" version 1.13.0 and 1.13.1 contains the vulnerability PRISMA-2023-0067 ([https://github.com/FasterXML/jackson-core/pull/827)] ([https://github.com/IBM/ibm-cos-sdk-java/issues/58)]
> Please upgrade the shaded library to jackson-core version 2.15.0 to fix it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)