[
https://issues.apache.org/jira/browse/PARQUET-2300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17726480#comment-17726480
]
ASF GitHub Bot commented on PARQUET-2300:
-----------------------------------------
wgtmac closed pull request #1097: PARQUET-2300: Bump jackson.version from
2.13.4 to 2.15.0
URL: https://github.com/apache/parquet-mr/pull/1097
> Update jackson-core 2.13.4 to a version without CVE PRISMA-2023-0067
> --------------------------------------------------------------------
>
> Key: PARQUET-2300
> URL: https://issues.apache.org/jira/browse/PARQUET-2300
> Project: Parquet
> Issue Type: Bug
> Components: parquet-mr
> Affects Versions: 1.13.0
> Reporter: Gianluca Vagnoni
> Priority: Major
> Fix For: 1.14.0
>
>
> The library "{*}parquet-jackson{*}" version 1.13.0 and 1.13.1 contains the
> vulnerability PRISMA-2023-0067
> ([https://github.com/FasterXML/jackson-core/pull/827)]
> ([https://github.com/IBM/ibm-cos-sdk-java/issues/58)]
> Please upgrade the shaded library to jackson-core version 2.15.0 to fix it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
