You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kylin.apache.org by "Shaofeng SHI (JIRA)" <ji...@apache.org> on 2018/03/21 01:12:00 UTC
[jira] [Commented] (KYLIN-3300) Upgrade jackson-databind
[ https://issues.apache.org/jira/browse/KYLIN-3300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16407297#comment-16407297 ]
Shaofeng SHI commented on KYLIN-3300:
-------------------------------------
According to [this post|https://github.com/FasterXML/jackson-databind/issues/1723], the vnlerability is fixed in 2.6.7.1, so upgrade Kylin's dependency to this version
> Upgrade jackson-databind
> ------------------------
>
> Key: KYLIN-3300
> URL: https://issues.apache.org/jira/browse/KYLIN-3300
> Project: Kylin
> Issue Type: Improvement
> Components: Integration
> Affects Versions: v2.2.0, v2.3.0
> Reporter: Shaofeng SHI
> Assignee: Shaofeng SHI
> Priority: Major
> Attachments: KYLIN-3300.master.001.patch
>
>
> jackson-databind 2.6.3 and 2.6.5 are reported with security issue (CVE-2017-7525), need ugprade
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)