[
https://issues.apache.org/jira/browse/HADOOP-18493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17695269#comment-17695269
]
Steve Loughran commented on HADOOP-18493:
-----------------------------------------
[~phoebemaomao] here are the jackson libs in the 3.3.5 distribution
{code}
/share/hadoop/yarn/lib/jackson-jaxrs-base-2.12.7.jar
./share/hadoop/yarn/lib/jackson-jaxrs-json-provider-2.12.7.jar
./share/hadoop/yarn/lib/jackson-module-jaxb-annotations-2.12.7.jar
./share/hadoop/common/lib/jackson-core-2.12.7.jar
./share/hadoop/common/lib/jackson-core-asl-1.9.13.jar
./share/hadoop/common/lib/jackson-annotations-2.12.7.jar
./share/hadoop/common/lib/jackson-databind-2.12.7.1.jar
./share/hadoop/common/lib/jackson-mapper-asl-1.9.13.jar
./share/hadoop/hdfs/lib/jackson-core-2.12.7.jar
./share/hadoop/hdfs/lib/jackson-core-asl-1.9.13.jar
./share/hadoop/hdfs/lib/jackson-annotations-2.12.7.jar
./share/hadoop/hdfs/lib/jackson-databind-2.12.7.1.jar
./share/hadoop/hdfs/lib/jackson-mapper-asl-1.9.13.jar
{code}
> update jackson-databind 2.12.7.1 due to CVE fixes
> -------------------------------------------------
>
> Key: HADOOP-18493
> URL: https://issues.apache.org/jira/browse/HADOOP-18493
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.5
>
>
> * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42003]
> * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42004]
> * both fixes have been backported (the CVEs themselves need to be updated to
> reflect this)
> * [https://github.com/FasterXML/jackson-databind/pull/3622]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
