[jira] [Commented] (KYLIN-3300) Upgrade jackson-databind

Shaofeng SHI (JIRA) Tue, 20 Mar 2018 18:12:18 -0700

    [ 
https://issues.apache.org/jira/browse/KYLIN-3300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16407297#comment-16407297
 ]


Shaofeng SHI commented on KYLIN-3300:
-------------------------------------

According to [this 
post|https://github.com/FasterXML/jackson-databind/issues/1723], the 
vnlerability is fixed in 2.6.7.1, so upgrade Kylin's dependency to this version

> Upgrade jackson-databind
> ------------------------
>
>                 Key: KYLIN-3300
>                 URL: https://issues.apache.org/jira/browse/KYLIN-3300
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Integration
>    Affects Versions: v2.2.0, v2.3.0
>            Reporter: Shaofeng SHI
>            Assignee: Shaofeng SHI
>            Priority: Major
>         Attachments: KYLIN-3300.master.001.patch
>
>
> jackson-databind 2.6.3 and 2.6.5 are reported with security issue 
> (CVE-2017-7525), need ugprade



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (KYLIN-3300) Upgrade jackson-databind

Reply via email to