Nicholas Marion created SPARK-33695:
---------------------------------------
Summary: Bump Jackson to 2.10.5 and databind to 2.10.5.1
Key: SPARK-33695
URL: https://issues.apache.org/jira/browse/SPARK-33695
Project: Spark
Issue Type: Dependency upgrade
Components: Build
Affects Versions: 3.0.1, 2.4.7
Reporter: Nicholas Marion
Jackson reported a vulnerability under CVE-2020-25649. The version pulled in
Spark currently is 2.10.0. Upgrading to either 2.10.5.1 will resolve problem.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
