You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kylin.apache.org by "Shaofeng SHI (JIRA)" <ji...@apache.org> on 2018/03/21 01:12:00 UTC

[jira] [Commented] (KYLIN-3300) Upgrade jackson-databind

    [ https://issues.apache.org/jira/browse/KYLIN-3300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16407297#comment-16407297 ] 

Shaofeng SHI commented on KYLIN-3300:
-------------------------------------

According to [this post|https://github.com/FasterXML/jackson-databind/issues/1723], the vnlerability is fixed in 2.6.7.1, so upgrade Kylin's dependency to this version

> Upgrade jackson-databind
> ------------------------
>
>                 Key: KYLIN-3300
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3300
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Integration
>    Affects Versions: v2.2.0, v2.3.0
>            Reporter: Shaofeng SHI
>            Assignee: Shaofeng SHI
>            Priority: Major
>         Attachments: KYLIN-3300.master.001.patch
>
>
> jackson-databind 2.6.3 and 2.6.5 are reported with security issue (CVE-2017-7525), need ugprade



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)