[ https://issues.apache.org/jira/browse/SPARK-32495?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prashant Sharma resolved SPARK-32495.
-------------------------------------
    Resolution: Won't Fix

Resolving it as won't fix for now, as most of us feel the behaviour change that 
this may lead to is not acceptable. And these security vulnerabilities do not 
impact Apache Spark.

For more details on the discussion, see the Pull Request.

https://github.com/apache/spark/pull/29334

> Update jackson-databind versions to fix various vulnerabilities.
> ----------------------------------------------------------------
>
>                 Key: SPARK-32495
>                 URL: https://issues.apache.org/jira/browse/SPARK-32495
>             Project: Spark
>          Issue Type: Task
>          Components: Spark Core
>    Affects Versions: 2.4.6
>            Reporter: SHOBHIT SHUKLA
>            Priority: Major
>
> As FasterXML Jackson version 2.6.7.3 is affected by 
> CVE-2017-15095 and CVE-2018-5968 
> [https://nvd.nist.gov/vuln/detail/CVE-2018-5968], would it be possible to 
> upgrade the Jackson version for spark-2.4.6 and so on (2.4.x)?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
