You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@parquet.apache.org by "Gang Wu (Jira)" <ji...@apache.org> on 2023/05/23 02:00:00 UTC

[jira] [Commented] (PARQUET-2300) Update jackson-core 2.13.4 to a version without CVE PRISMA-2023-0067

    [ https://issues.apache.org/jira/browse/PARQUET-2300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17725153#comment-17725153 ] 

Gang Wu commented on PARQUET-2300:
----------------------------------

There is a PR to upgrade it: [https://github.com/apache/parquet-mr/pull/1093|https://github.com/apache/parquet-mr/pull/1093]

> Update jackson-core 2.13.4 to a version without CVE PRISMA-2023-0067
> --------------------------------------------------------------------
>
>                 Key: PARQUET-2300
>                 URL: https://issues.apache.org/jira/browse/PARQUET-2300
>             Project: Parquet
>          Issue Type: Bug
>          Components: parquet-mr
>    Affects Versions: 1.13.0
>            Reporter: Gianluca Vagnoni
>            Priority: Major
>
> The library "{*}parquet-jackson{*}" version 1.13.0 and 1.13.1 contains the vulnerability PRISMA-2023-0067 ([https://github.com/FasterXML/jackson-core/pull/827)] ([https://github.com/IBM/ibm-cos-sdk-java/issues/58)]
> Please upgrade the shaded library to jackson-core version 2.15.0 to fix it.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)