Hui Yu created ARROW-16998: ------------------------------ Summary: [Java] Upgrade commons-codec dependencies Key: ARROW-16998 URL: https://issues.apache.org/jira/browse/ARROW-16998 Project: Apache Arrow Issue Type: Bug Components: Java Affects Versions: 8.0.0 Reporter: Hui Yu Fix For: 9.0.0
[INFO] +- org.apache.arrow:arrow-vector:jar:8.0.0:compile [INFO] | +- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile [INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile [INFO] | +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.2:compile [INFO] | +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.13.2:compile [INFO] | \- commons-codec:{*}commons-codec{*}:jar:1.10:compile https://issues.apache.org/jira/browse/CODEC-134 reports a security vulnerability for commons-codec The safe version is v1.13 Can you bump *commons-codec* ? -- This message was sent by Atlassian Jira (v8.20.10#820010)