[ https://issues.apache.org/jira/browse/HBASE-22722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16891531#comment-16891531 ]
Duo Zhang commented on HBASE-22722: ----------------------------------- We are still using jackson 1.x on branch-1, so [~apurtell] mind opening a new issue for branch-1? The patch will be completely different. Thanks. > Upgrade jackson databind dependencies to 2.9.9.1 > ------------------------------------------------ > > Key: HBASE-22722 > URL: https://issues.apache.org/jira/browse/HBASE-22722 > Project: HBase > Issue Type: Bug > Components: dependencies > Reporter: Duo Zhang > Assignee: Duo Zhang > Priority: Blocker > Fix For: 3.0.0, 2.3.0, 2.0.6, 2.2.1, 2.1.6 > > > Due to > https://nvd.nist.gov/vuln/detail/CVE-2019-12814 > https://nvd.nist.gov/vuln/detail/CVE-2019-12384 -- This message was sent by Atlassian JIRA (v7.6.14#76016)