The CVE you mention seems to affect jackson-databind, not
jackson-mapper-asl. 3.3.1 already uses databind 2.13.x which is not
affected.
On Wed, Dec 14, 2022 at 8:20 AM haibo.w...@morganstanley.com <
haibo.w...@morganstanley.com> wrote:
Thanks Owen for the prompt response.
Sorry, forgot to mention, it’s the latest Spark version, 3.3.1.
Both the spark-py image and PyPI below are good for us to use, but both have the same
jackson-mapper-asl dependencies.
What Spark version are you referring to? If it's an unsupported version,
no, no plans to update it.
What image are you referring to?
On Wed, Dec 14, 2022 at 7:14 AM haibo.w...@morganstanley.com <
haibo.w...@morganstanley.com> wrote:
Hi All
Hope you are doing well.
Writing this email about a vulnerability issue: CVE-2018-14721
apache/spark-py:
gav://org.codehaus.jackson:jackson-mapper-asl:1.9.13,CVE-2018-14721,1.8.10-cloudera.2,1.5.0 <= Version <= 1.9.13
We are trying to bring in above image into our firm, but due to the