[ https://issues.apache.org/jira/browse/HBASE-23227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16961997#comment-16961997 ]
Sean Busbey commented on HBASE-23227: ------------------------------------- I'm going to go ahead and merge this and then look for impact in nightly. [~weichiu] could you like the master/branch-2 version as related or just note here that those versions are not impacted for some reason (I don't remember off hand if we're still using jackson for the rest server). > Upgrade jackson-databind to 2.9.10.1 (branch-1) > ----------------------------------------------- > > Key: HBASE-23227 > URL: https://issues.apache.org/jira/browse/HBASE-23227 > Project: HBase > Issue Type: Task > Components: dependencies, REST, security > Reporter: Wei-Chiu Chuang > Assignee: Wei-Chiu Chuang > Priority: Blocker > > Several net new CVEs were raised against jackson-databind 2.9.10. > CVE-2019-16942 > CVE-2019-16943 > 2.9.10.1 is released, which I believe addresses these two CVEs. -- This message was sent by Atlassian Jira (v8.3.4#803005)