[ https://issues.apache.org/jira/browse/ARROW-16143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17523964#comment-17523964 ]
Hui Yu commented on ARROW-16143:
--------------------------------

Thank you! [~dsusanibara] [~lidavidm]

> [Java] Upgrade jackson dependencies
> -----------------------------------
>
> Key: ARROW-16143
> URL: https://issues.apache.org/jira/browse/ARROW-16143
> Project: Apache Arrow
> Issue Type: Bug
> Components: Java
> Affects Versions: 7.0.0
> Reporter: Hui Yu
> Assignee: David Dali Susanibar Arce
> Priority: Blocker
> Labels: pull-request-available, security
> Fix For: 8.0.0
>
> Time Spent: 4h 40m
> Remaining Estimate: 0h
>
> CVE-2020-36518 (https://github.com/advisories/GHSA-57j2-w4cx-62h2) reports a
> security vulnerability for *jackson-databind*.
> Now the version of jackson for the master branch of Arrow is *2.11.4*,
> which is not safe.
> Can you upgrade the version of this dependency?