Purushottam Sinha created FLINK-40071: -----------------------------------------
Summary: Bump jackson-bom to 2.21.4
Key: FLINK-40071
URL: https://issues.apache.org/jira/browse/FLINK-40071
Project: Flink
Issue Type: Technical Debt
Components: Build System
Reporter: Purushottam Sinha
Description:
jackson-databind 2.21.3 is affected by several recently published CVEs
(CVE-2026-54512 through 54518). 2.21.4 fixes all of them except
CVE-2026-54515, which has no released fix in any 2.x line yet.
Bump jackson-bom.version 2.21.3 -> 2.21.4 and update the NOTICE files of
modules bundling jackson.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
