[ https://issues.apache.org/jira/browse/PARQUET-1894?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gabor Szadovszky resolved PARQUET-1894. --------------------------------------- Fix Version/s: 1.12.0 Resolution: Duplicate The jackson library has already been updated to 2.11.4 under PARQUET-1961. Closing this as a dupe. > Please fix the related Shaded Jackson Databind CVEs > --------------------------------------------------- > > Key: PARQUET-1894 > URL: https://issues.apache.org/jira/browse/PARQUET-1894 > Project: Parquet > Issue Type: Bug > Components: parquet-mr > Affects Versions: 1.11.0 > Reporter: Rodney Aaron Stainback > Priority: Major > Fix For: 1.12.0 > > > The following CVEs are all related to version 2.9.10 of Jackson databind > which you shade > |cve|severity|cvss| > |CVE-2019-16942|critical|9.8| > |CVE-2019-16943|critical|9.8| > |CVE-2019-17531|critical|9.8| > |CVE-2019-20330|critical|9.8| > |CVE-2020-10672|high|8.8| > |CVE-2020-10673|high|8.8| > |CVE-2020-10968|high|8.8| > |CVE-2020-10969|high|8.8| > |CVE-2020-11111|high|8.8| > |CVE-2020-11112|high|8.8| > |CVE-2020-11113|high|8.8| > |CVE-2020-11619|critical|9.8| > |CVE-2020-11620|critical|9.8| > |CVE-2020-14060|high|8.1| > |CVE-2020-14061|high|8.1| > |CVE-2020-14062|high|8.1| > |CVE-2020-14195|high|8.1| > |CVE-2020-8840|critical|9.8| > |CVE-2020-9546|critical|9.8| > |CVE-2020-9547|critical|9.8| > |CVE-2020-9548|critical|9.8| > > Our security team is trying to block us from using parquet files because of > this issue -- This message was sent by Atlassian Jira (v8.3.4#803005)