[
https://issues.apache.org/jira/browse/AVRO-3658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Tzvetanov Grigorov resolved AVRO-3658.
---------------------------------------------
Fix Version/s: 1.12.0
Assignee: Martin Tzvetanov Grigorov
Resolution: Fixed
Jackson has been upgraded to 2.14.0 with
https://github.com/apache/avro/pull/1944
> Bump jackson to address CVE-2020-36518
> --------------------------------------
>
> Key: AVRO-3658
> URL: https://issues.apache.org/jira/browse/AVRO-3658
> Project: Apache Avro
> Issue Type: Improvement
> Components: java
> Affects Versions: 1.11.1
> Reporter: Pavel Moskotin
> Assignee: Martin Tzvetanov Grigorov
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.12.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Current version of Jackson dependency for AVRO/Java
> {code:xml}
> <jackson-bom.version>2.12.7.20221012</jackson-bom.version>
> {code}
> bringsĀ CVE-2020-36518.
> This is covered by next versions, for example - in
> {code:xml}
> <jackson-bom.version>2.13.4</jackson-bom.version>
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
