Purushottam Sinha created FLINK-40071:
-----------------------------------------

             Summary: Bump jackson-bom to 2.21.4
                 Key: FLINK-40071
                 URL: https://issues.apache.org/jira/browse/FLINK-40071
             Project: Flink
          Issue Type: Technical Debt
          Components: Build System
            Reporter: Purushottam Sinha


  Description:                                                                  
                                                                                
                                                 
                                                                                
                                                                                
                                                 
  jackson-databind 2.21.3 is affected by several recently published CVEs        
                                                                                
                                                 
  (CVE-2026-54512 through 54518). 2.21.4 fixes all of them except               
                                                                                
                                                 
  CVE-2026-54515, which has no released fix in any 2.x line yet.                
                                                                                
                                                 
                                                                                
                                                                                
                                                 
  Bump jackson-bom.version 2.21.3 -> 2.21.4 and update the NOTICE files of      
                                                                                
                                                 
  modules bundling jackson.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to