[ https://issues.apache.org/jira/browse/HIVE-24904?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17304055#comment-17304055 ]
Oleksiy Sayankin edited comment on HIVE-24904 at 3/18/21, 11:23 AM:
--------------------------------------------------------------------

The latest supported release of the lib is 1.9.13 ([https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl]).

For updating the lib to a version with the fix, we have 3 options:

1. [https://mvnrepository.com/artifact/org.codehaus.jackson/jackson-mapper-asl/1.9.14.jdk17-redhat-00001] update to the lib that was bundled by RedHat
2. Build our own lib from the master: [https://github.com/FasterXML/jackson-1]
3. Move to the new artifact
{panel}
com.fasterxml.jackson.core » jackson-databind
{panel}

FYI: [~kgyrtkirk], [~jcamachorodriguez], [~pvary]

> CVE-2019-10172,CVE-2019-10202 vulnerabilities in jackson-mapper-asl-1.9.13.jar
> ------------------------------------------------------------------------------
>
>                 Key: HIVE-24904
>                 URL: https://issues.apache.org/jira/browse/HIVE-24904
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Oleksiy Sayankin
>            Priority: Critical
>
> CVE list: CVE-2019-10172,CVE-2019-10202
> CVSS score: High
> {code}
> ./packaging/target/apache-hive-4.0.0-SNAPSHOT-bin/apache-hive-4.0.0-SNAPSHOT-bin/lib/jackson-mapper-asl-1.9.13.jar
> {code}

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
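
A check for the jar this issue reports, as an added example that is not part of the original message or of Hive's code: it scans a packaged lib directory for jackson-mapper-asl by file name and, going beyond the single path quoted above, also reports any other jar that bundles org.codehaus.jackson.map classes. The function name scan_lib_dir and the result fields are assumptions made for this example.

```python
import re
import zipfile
from pathlib import Path

# Jackson 1.x data-binding classes live under this package path inside a jar.
LEGACY_PREFIX = "org/codehaus/jackson/map/"
# Artifact named in the issue; the version is whatever follows the artifact id.
NAME_RE = re.compile(r"^jackson-mapper-asl-(?P<version>.+)\.jar$")


def scan_lib_dir(lib_dir):
    """Return one finding per jar that is, or contains, jackson-mapper-asl."""
    findings = []
    for jar in sorted(Path(lib_dir).rglob("*.jar")):
        match = NAME_RE.match(jar.name)
        version = match.group("version") if match else None
        try:
            with zipfile.ZipFile(jar) as zf:
                classes = sum(
                    1 for n in zf.namelist()
                    if n.startswith(LEGACY_PREFIX) and n.endswith(".class")
                )
        except (zipfile.BadZipFile, OSError):
            classes = 0  # unreadable archive: fall back to the file name only
        if version is None and classes == 0:
            continue  # neither the artifact name nor its classes: not a finding
        findings.append({
            "jar": jar.name,
            "version": version,          # None when only the classes matched
            "legacy_classes": classes,   # count of org.codehaus.jackson.map classes
            "bundled": version is None,  # classes inside a differently named jar
        })
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python scan_jackson1.py <path to the unpacked distribution>
    for finding in scan_lib_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it against the unpacked binary distribution both before and after the dependency change; an empty result after the change means neither the artifact nor a bundled copy of its classes is still shipped.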