https://github.com/apache/spark/blob/branch-2.4/pom.xml#L161 Correct, because it would introduce behavior changes.
On Fri, Jun 28, 2019 at 3:54 AM Pavithra R <pavithr...@huawei.com> wrote: > In spark master branch, the version of Jackson jars have been upgraded to > 2.9.9 > > > https://github.com/apache/spark/commit/bd8732300385ad99d2cec3a4af49953d8925eaf6 > > > > *[SPARK-27757][CORE] Bump Jackson to 2.9.9 – * > > > > This has been done to address CVE-2019-12086. > > > > Could you confirm why Jackson jars are not upgraded in older branches like > 2.3 etc? > > > > Thanks, > > Pavithra R > > > > Huawei Technologies India Pvt. Ltd. > > Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield > > Bengaluru-560066, Karnataka > > Tel: + 91-80-49160700 Ext 72060II Mob: 9790706742 Email: > pavithr...@huawei.com > > [image: Company_logo] > ------------------------------ > > > > This e-mail and its attachments contain confidential information from > HUAWEI, which > is intended only for the person or entity whose address is listed above. > Any use of the > information contained herein in any way (including, but not limited to, > total or partial > disclosure, reproduction, or dissemination) by persons other than the > intended > recipient(s) is prohibited. If you receive this e-mail in error, please > notify the sender by > phone or email immediately and delete it! > > > > >