[ 
https://issues.apache.org/jira/browse/SPARK-29226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16979706#comment-16979706
 ] 

Dongjoon Hyun commented on SPARK-29226:
---------------------------------------

Thank you for reporting, [~larsfrancke]. I'll follow up at your new JIRA. 
Please link your JIRA to this issue.
BTW, Apache Spark 3.0.0 upgrades Arrow from 0.14 to 0.15. The result might be 
different in master. Let's see your JIRA.

> Upgrade jackson-databind to 2.9.10 and fix vulnerabilities.
> -----------------------------------------------------------
>
>                 Key: SPARK-29226
>                 URL: https://issues.apache.org/jira/browse/SPARK-29226
>             Project: Spark
>          Issue Type: Dependency upgrade
>          Components: Build
>    Affects Versions: 3.0.0
>            Reporter: jiaan.geng
>            Assignee: jiaan.geng
>            Priority: Major
>             Fix For: 3.0.0
>
>
> The current code uses com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.3 
> and it will cause security vulnerabilities. We could get some security info 
> from https://www.tenable.com/cve/CVE-2019-16335
> This reference reminds us to upgrade the version of `jackson-databind` to 2.9.10 
> or later.


