Posted to issues@hive.apache.org by "Oleksiy Sayankin (Jira)" <ji...@apache.org> on 2021/03/18 11:24:00 UTC

[jira] [Comment Edited] (HIVE-24904) CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar

    [ https://issues.apache.org/jira/browse/HIVE-24904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17304055#comment-17304055 ] 

Oleksiy Sayankin edited comment on HIVE-24904 at 3/18/21, 11:23 AM:
--------------------------------------------------------------------

The latest supported release of the lib is 1.9.13 ([https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl]).
 To update the lib to a version with the fix, we have 3 options:
 1. [https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl/1.9.14.jdk17-redhat-00001] update to the lib that was bundled by RedHat
 2. Build our own lib from the master: [https://github.com/FasterXML/jackson-1]
 3. Move to the new artifact
{panel}
 com.fasterxml.jackson.core » jackson-databind
{panel}

FYI: [~kgyrtkirk], [~jcamachorodriguez], [~pvary]



> CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar
> ------------------------------------------------------------------------------
>
>                 Key: HIVE-24904
>                 URL: https://issues.apache.org/jira/browse/HIVE-24904
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Oleksiy Sayankin
>            Priority: Critical
>
> CVE list: CVE-2019-10172,CVE-2019-10202
> CVSS score: High
> {code}
> ./packaging/target/apache-hive-4.0.0-SNAPSHOT-bin/apache-hive-4.0.0-SNAPSHOT-bin/lib/jackson-mapper-asl-1.9.13.jar
> {code}



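A check that applies whichever of the three options above is chosen, as an added example that is not part of the original message or of Hive's build: it scans a packaged lib/ directory for jars that still contain classes from the `org.codehaus.jackson.map` package, which also catches copies bundled inside other jars. The sample jars, and every jar name other than jackson-mapper-asl-1.9.13.jar, are constructed for the demonstration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Package prefix of the Jackson 1.x data-binding classes shipped in jackson-mapper-asl.
LEGACY_PREFIX = "org/codehaus/jackson/map/"


def legacy_classes(jar_bytes):
    """Return the Jackson 1.x class entries contained in one jar (given as bytes)."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            return sorted(n for n in jar.namelist()
                          if n.startswith(LEGACY_PREFIX) and n.endswith(".class"))
    except zipfile.BadZipFile:
        return []  # not a readable archive; nothing to report


def scan_lib_dir(lib_dir):
    """Map jar file name -> number of Jackson 1.x classes, for jars that contain any."""
    findings = {}
    for jar_path in sorted(Path(lib_dir).glob("*.jar")):
        hits = legacy_classes(jar_path.read_bytes())
        if hits:
            findings[jar_path.name] = len(hits)
    return findings


def build_sample_lib(lib_dir):
    """Constructed sample data: three tiny jars standing in for a distribution's lib/."""
    samples = {
        "jackson-mapper-asl-1.9.13.jar": ["org/codehaus/jackson/map/ObjectMapper.class"],
        "jackson-databind-sample.jar": ["com/fasterxml/jackson/databind/ObjectMapper.class"],
        # Hypothetical jar that bundles a copy of the old classes under its own name.
        "bundled-sample.jar": ["example/App.class",
                               "org/codehaus/jackson/map/ObjectMapper.class"],
    }
    for name, entries in samples.items():
        with zipfile.ZipFile(Path(lib_dir) / name, "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_lib(tmp)
        for jar_name, count in scan_lib_dir(tmp).items():
            print(f"{jar_name}: {count} class(es) under {LEGACY_PREFIX}")
```

An empty result from `scan_lib_dir` on the real distribution directory means no jar there, under any file name, still carries the old data-binding classes.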