[jira] [Created] (PARQUET-2145) Release 1.12.3
Gidon Gershinsky created PARQUET-2145: - Summary: Release 1.12.3 Key: PARQUET-2145 URL: https://issues.apache.org/jira/browse/PARQUET-2145 Project: Parquet Issue Type: Task Components: parquet-mr Reporter: Gidon Gershinsky Fix For: 1.12.3 -- This message was sent by Atlassian Jira (v8.20.7#820007)
Re: Meeting notes for Parquet monthly sync - 4/27/2022
Hi all, we're starting to work on this part: *Release 1.12.3 SNAPSHOT release * Meaning that technically there will be two releases, starting with an unofficial snapshot of the current master for completing dependent prs in other projects - followed by the official parquet-mr-1.12.3 release. For the latter, I've created https://issues.apache.org/jira/browse/PARQUET-2145 . Feel free to add relevant jiras as dependencies for this one (preferably if their PRs are already merged in the master branch). I'll also make a pass over the recent commits / jiras. Cheers, Gidon On Wed, Apr 27, 2022 at 8:03 PM Xinli shang wrote: > 4/27/2022 > > Attendees (Timothy Miller, Vinoo Ganesh, Satish K, Gidon Gershinsky, Xinli > Shang, Huaxin Gao) > >1. > >Cell-Level encryption >1. > > Internal implementation and rollout > 2. > > Welcome new comments > 2. > >Release 1.12.3 >1. > > SNAPSHOT release - Gidon will take the lead > 3. > >ID resolution >1. > > Huaxin will address Ryan’s comments > 4. > >UUID support for parquet-cli >1. > > See some exceptions when running the tool. Timothy will investigate > it. > 5. The next meeting will be at 8:30 am on Tuesday > > > -- > Xinli Shang > VP Apache Parquet PMC Chair > Tech Lead Manager @ Uber Data Infra >
[jira] [Commented] (PARQUET-2127) Security risk in latest parquet-jackson-1.12.2.jar
[ https://issues.apache.org/jira/browse/PARQUET-2127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531612#comment-17531612 ] Brais Couce commented on PARQUET-2127: -- Hi, I see that the first PR was merged into master and there is a second PR to update again the version. Does this means that this ticket will be included in the next version (1.13.0)? Do you know if there is release date? Regards. > Security risk in latest parquet-jackson-1.12.2.jar > -- > > Key: PARQUET-2127 > URL: https://issues.apache.org/jira/browse/PARQUET-2127 > Project: Parquet > Issue Type: Improvement >Reporter: phoebe chen >Priority: Major > > Embed jackson-databind:2.11.4 has security risk of Possible DoS if using JDK > serialization to serialize JsonNode > ([https://github.com/FasterXML/jackson-databind/issues/3328] ), upgrade to > 2.13.1 can fix this. -- This message was sent by Atlassian Jira (v8.20.7#820007)
[GitHub] [parquet-mr] shangxinli commented on a diff in pull request #955: PARQUET-2127: update jackson-databind to 2.13.2.2
shangxinli commented on code in PR #955:
URL: https://github.com/apache/parquet-mr/pull/955#discussion_r865064710
##
pom.xml:
##
@@ -73,7 +73,7 @@
com.fasterxml.jackson.core
com.fasterxml.jackson
2.13.2
-${jackson.version}
+2.13.2.2
Review Comment:
What is the reason that we split the two versions(jackson.version,
jackson-databind.version)?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@parquet.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (PARQUET-2127) Security risk in latest parquet-jackson-1.12.2.jar
[
https://issues.apache.org/jira/browse/PARQUET-2127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531840#comment-17531840
]
ASF GitHub Bot commented on PARQUET-2127:
-
shangxinli commented on code in PR #955:
URL: https://github.com/apache/parquet-mr/pull/955#discussion_r865064710
##
pom.xml:
##
@@ -73,7 +73,7 @@
com.fasterxml.jackson.core
com.fasterxml.jackson
2.13.2
-${jackson.version}
+2.13.2.2
Review Comment:
What is the reason that we split the two versions(jackson.version,
jackson-databind.version)?
> Security risk in latest parquet-jackson-1.12.2.jar
> --
>
> Key: PARQUET-2127
> URL: https://issues.apache.org/jira/browse/PARQUET-2127
> Project: Parquet
> Issue Type: Improvement
>Reporter: phoebe chen
>Priority: Major
>
> Embed jackson-databind:2.11.4 has security risk of Possible DoS if using JDK
> serialization to serialize JsonNode
> ([https://github.com/FasterXML/jackson-databind/issues/3328] ), upgrade to
> 2.13.1 can fix this.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
