[
https://issues.apache.org/jira/browse/ARROW-1242?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16121263#comment-16121263
]
Matt Darwin edited comment on ARROW-1242 at 8/10/17 8:48 AM:
-------------------------------------------------------------
Sorry [~wesmckinn], there was a bug in my PR and it's not changed the Jackson
version. java/pom.xml defines a {{jackson.version}} variable, but in
java/vector/pom.xml it doesn't use that variable. I've changed it in my branch
and have submitted a new PR #957.
was (Author: mdarwin):
Sorry, there was a bug in my PR and it's not changed the Jackson version.
java/pom.xml defines a {{jackson.version}} variable, but in java/vector/pom.xml
it doesn't use that variable. I've changed it in my branch and have submitted
a new PR #957.
> [Java] security - upgrade Jackson to mitigate 3 CVE vulnerabilities
> -------------------------------------------------------------------
>
> Key: ARROW-1242
> URL: https://issues.apache.org/jira/browse/ARROW-1242
> Project: Apache Arrow
> Issue Type: Bug
> Components: Java - Memory, Java - Vectors
> Affects Versions: 0.4.1
> Reporter: Matt Darwin
> Assignee: Matt Darwin
> Fix For: 0.6.0
>
>
> please consider upgrading jackson to mitigate its various vulnerabilities in
> 2.7.1:
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jackson
> see also
> https://github.com/FasterXML/jackson-databind/issues/1599
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
