[
https://issues.apache.org/jira/browse/FLINK-40071?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated FLINK-40071:
-----------------------------------
Labels: pull-request-available (was: )
> Bump jackson-bom to 2.21.4
> --------------------------
>
> Key: FLINK-40071
> URL: https://issues.apache.org/jira/browse/FLINK-40071
> Project: Flink
> Issue Type: Technical Debt
> Components: Build System
> Reporter: Purushottam Sinha
> Priority: Minor
> Labels: pull-request-available
>
> Description:
>
>
>
>
>
> jackson-databind 2.21.3 is affected by several recently published CVEs
>
>
> (CVE-2026-54512 through 54518). 2.21.4 fixes all of them except
>
>
> CVE-2026-54515, which has no released fix in any 2.x line yet.
>
>
>
>
>
> Bump jackson-bom.version 2.21.3 -> 2.21.4 and update the NOTICE files of
>
>
> modules bundling jackson.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
