[ https://issues.apache.org/jira/browse/KYLIN-5410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17685087#comment-17685087 ]
ASF subversion and git services commented on KYLIN-5410: -------------------------------------------------------- Commit e10de8726f5b4104f6e9e700ca78225444088b47 in kylin's branch refs/heads/kylin5 from Jiale He [ https://gitbox.apache.org/repos/asf?p=kylin.git;h=e10de8726f ] KYLIN-5410 Fix vulnerability, upgrade jackson-databind > Fix new high-risk vulnerability: CVE-2022-42004 / CVE-2022-42003 > ---------------------------------------------------------------- > > Key: KYLIN-5410 > URL: https://issues.apache.org/jira/browse/KYLIN-5410 > Project: Kylin > Issue Type: Bug > Affects Versions: 5.0-alpha > Reporter: longfeiJiang > Assignee: longfeiJiang > Priority: Major > Fix For: 5.0-alpha > > > CVE-2022-42004 | [https://nvd.nist.gov/vuln/detail/CVE-2022-42004] > CVE-2022-42003 | [https://nvd.nist.gov/vuln/detail/CVE-2022-42003] > > h2. How to fix? > > Upgrade {{com.fasterxml.jackson.core:jackson-databind}} to version 2.13.4 or > higher. -- This message was sent by Atlassian Jira (v8.20.10#820010)