[ https://issues.apache.org/jira/browse/KYLIN-3300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16407297#comment-16407297 ]
Shaofeng SHI commented on KYLIN-3300: ------------------------------------- According to [this post|https://github.com/FasterXML/jackson-databind/issues/1723], the vnlerability is fixed in 2.6.7.1, so upgrade Kylin's dependency to this version > Upgrade jackson-databind > ------------------------ > > Key: KYLIN-3300 > URL: https://issues.apache.org/jira/browse/KYLIN-3300 > Project: Kylin > Issue Type: Improvement > Components: Integration > Affects Versions: v2.2.0, v2.3.0 > Reporter: Shaofeng SHI > Assignee: Shaofeng SHI > Priority: Major > Attachments: KYLIN-3300.master.001.patch > > > jackson-databind 2.6.3 and 2.6.5 are reported with security issue > (CVE-2017-7525), need ugprade -- This message was sent by Atlassian JIRA (v7.6.3#76005)