Nicholas Marion created SPARK-33695: ---------------------------------------
Summary: Bump Jackson to 2.10.5 and databind to 2.10.5.1 Key: SPARK-33695 URL: https://issues.apache.org/jira/browse/SPARK-33695 Project: Spark Issue Type: Dependency upgrade Components: Build Affects Versions: 3.0.1, 2.4.7 Reporter: Nicholas Marion Jackson reported a vulnerability under CVE-2020-25649. The version pulled in Spark currently is 2.10.0. Upgrading to either 2.10.5.1 will resolve problem. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org