[
https://issues.apache.org/jira/browse/CASSANDRA-17231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17468670#comment-17468670
]
Josh McKenzie commented on CASSANDRA-17231:
-------------------------------------------
The 4.x driver has (as I understand it second hand) API breaking changes in it
that have sweeping consequences for many things written to the 3.x driver.
Perhaps we should first look to an update to the deps in the bundled driver to
a non-vulnerable version of the jackson-databind lib.
> Upgrade cassandra-driver-core to 4.X
> ------------------------------------
>
> Key: CASSANDRA-17231
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17231
> Project: Cassandra
> Issue Type: Bug
> Components: Dependencies
> Reporter: Phyllis Li
> Assignee: Phyllis Li
> Priority: Normal
> Labels: security
> Fix For: 4.x
>
>
> The current Cassandra driver version is 3.11.0, which uses a vulnerable
> version of jackson-databind.
> We may want to switch to the re-branded com.datastax.oss:java-driver-core
> 4.13.0.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
