[ https://issues.apache.org/jira/browse/SPARK-34124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sean R. Owen resolved SPARK-34124. ---------------------------------- Resolution: Won't Fix > Upgrade jackson version to fix CVE-2020-36179 in Spark 2.4 > ---------------------------------------------------------- > > Key: SPARK-34124 > URL: https://issues.apache.org/jira/browse/SPARK-34124 > Project: Spark > Issue Type: Bug > Components: Build > Affects Versions: 2.4.7 > Reporter: Yang Jie > Priority: Minor > > > {code:java} > FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction > between serialization gadgets and typing, related to > oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.{code} > > [CVE-2020-36179|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36179] > Spark 2.4.7 still using Jackson 2.6.7 -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org