Posted to issues@spark.apache.org by "Prashant Sharma (Jira)" <ji...@apache.org> on 2020/08/31 06:12:00 UTC

[jira] [Resolved] (SPARK-32495) Update jackson-databind versions to fix various vulnerabilities.

     [ https://issues.apache.org/jira/browse/SPARK-32495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Sharma resolved SPARK-32495.
-------------------------------------
    Resolution: Won't Fix

Resolving it as Won't Fix for now, as most of us feel the behaviour change that this may lead to is not acceptable. And these security vulnerabilities do not impact Apache Spark.

For more details on the discussion, see the Pull Request.

https://github.com/apache/spark/pull/29334

> Update jackson-databind versions to fix various vulnerabilities.
> ----------------------------------------------------------------
>
>                 Key: SPARK-32495
>                 URL: https://issues.apache.org/jira/browse/SPARK-32495
>             Project: Spark
>          Issue Type: Task
>          Components: Spark Core
>    Affects Versions: 2.4.6
>            Reporter: SHOBHIT SHUKLA
>            Priority: Major
>
> As FasterXML Jackson version 2.6.7.3 is affected by the CVEs CVE-2017-15095 and CVE-2018-5968 [https://nvd.nist.gov/vuln/detail/CVE-2018-5968], would it be possible to upgrade the Jackson version for spark-2.4.6 and so on (2.4.x)?


